Resolved Unable to set domain SSL to "Not Selected"

[Enverex]

We're trying to remove an SSL certificate from a domain but can't. Trying to remove it results in the error that it's currently assigned, which is fine because it is. The problem lies in the fact that it cannot be unassigned.

Going to "Website Scripting and Security" shows "Enable SSL Support" is enabled, where there should be a drop-down box is just the text stating which certificate is in use, no drop-down box thus making it impossible to set it back to "Not Selected".

Creating a second (dummy) certificate then going back into this section results in the drop-down box actually appearing now, but the only two options are the two SSL certificates - the ones we're trying to remove and the dummy one - still no "Not Selected" option.

If anyone's not sure where I'm referring to, I'm talking about this section - https://kb.plesk.com/Attachments/kcs-2423/Screenshot_59.png - basically "Not Selected" is never available as an option, thus we can never remove all SSLs from this domain.

Any ideas what's going on here and why this option is missing?

 

[Enverex]

Alright, DB hax seemed to work here. Removed it manually from the DB then went back into Plesk and hit OK on the various hosting pages to make sure it saved the new "no certificate" configuration properly in the various places.

Command for reference was: UPDATE hosting SET certificate_id = 0 WHERE dom_id = (domain ID);

 

[UFHH01]

Hi Enverex,

you don't provide informations about your used Plesk version ( incl. MU ) and the used operation system on your server, but you still could be informed about the => Reference for Command Line Utilities, Parallels Plesk Panel 11.5 for Linux ( for example ) <=

The commands:

1. /usr/local/psa/bin/subdomain -u example-subdomain-name -domain example-domain.com -ssl false
2. /usr/local/psa/bin/subdomain -u example-subdomain-name -domain example-domain.com -certificate-name "New Certificate"
3. /usr/local/psa/bin/subdomain -u example-subdomain-name -domain example-domain.com -ssl true

1. will first disable SSL support for the subdomain "example-subdomain-name" at "example-domain.com"
2. will assign the certificate with the name "New Certificate" for the subdomain "example-subdomain-name" at "example-domain.com"
3. will enable SSL support for the subdomain "example-subdomain-name" at "example-domain.com"

1. /usr/local/psa/bin/subscription -u example-domain.com -ssl false
2. /usr/local/psa/bin/subscription -u example.com -certificate-name "Site Certificate"
3. /usr/local/psa/bin/subscription -u example-domain.com -ssl true

1. will first disable SSL support for the domain "example-domain.com"
2. will assign the certificate with the name "New Certificate" for the domain "example-domain.com"
3. will enable SSL support for the domain "example-domain.com"

As you can see, there is no need to fiddle with your database. ​

 

[Enverex]

That doesn't do what we needed to do; We can enable and disable SSL fine and you can change certificates fine. What you can't do is set the certificate to "Not Selected". We need SSL to remain enabled (as there's an SSL at the IP level that should be used) so we need to remove the assigned certificate at the domain level, which can't be done if that option is missing.

 

[UFHH01]

Hi Enverex,

even that your solution results in the usage of the IP - specific certificate, you should be informed, that the regular usage is to ADD the desired certificate from your IP to the domain, to prevent issues/errors/failures, when new configuration files are created in case of patches/updates/upgrades.

 

[Enverex]

In this instance the user wanted a wildcard SSL certificate in place for multiple different hosting accounts, thus the only way to achieve this was to allocate the certificate to the IP and then the respective subscriptions that will use it, to that same IP.