• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

When a domain with enabled/installed SSL certificate is deactivated, in many cases the webserver configuration becomes broken

Bitpalast

Bitpalast

Plesk addicted!
Plesk Guru
Username:

TITLE

When a domain with enabled/installed SSL certificate is deactivated, in many cases the webserver configuration becomes broken

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

CentOS 7.9, Obsidian since 18.0.37 at least

PROBLEM DESCRIPTION

On many servers and occasions we have observed that when a subscriber deactivates a domain that previously used an SSL certificate, the certificate file goes missing while the web server configuration file remains in place with the full non-disabled content. It seems that "later" (whenever that is, we don't know), the configuration is changed so that the web server configuration files no longer have the full content, but the "disabled" marker so that the missing certificates are no longer referenced.

The problem: During the phase when the SSL certificate files are missing (or maybe the references in the web server configuration files are simply wrong to non-existent files) and the update of the web server configuration file Apache and Nginx both report false syntax of their configurations. If for any reason a web server reload or restart becomes necessary, for example if other subscribers update their configuration, during that phase, the web server(s) fail to restart and all sites go offline.

STEPS TO REPRODUCE

We could not reliably reproduce the issue, but we have definitely seen it across at least three different machines during the past month.

1) Have a subscription with a Let's Encrypt SSL certificate in place. (Using SSLIt extension).
2) Login in as subsriber.
3) Set the domain to "deactivated".

Then run apachectl -t or nginx -t to see the result. Many a times the web server configuration becomes broken.

ACTUAL RESULT

First the SSL certificate name or reference is changed or the certificate files are removed, then the web server configuration is updated.

EXPECTED RESULT

First update the webserver configuration files to no longer reference the certificate files, then remove the certificates.

ANY ADDITIONAL INFORMATION

(DID NOT ANSWER QUESTION)

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug
 
I can add to this that mainly the usage of the certificate(s) for webmail is affected:

Typical Apache ssl cert file error in this situation:
Code: 
Unable to generate the web server configuration file on the host <hostname> because of the following errors:

Template_Exception: AH00526: Syntax error on line 50 of /etc/httpd/conf/plesk.conf.d/webmails/<domainname>_webmail.conf:
SSLCertificateFile: file '/usr/local/psa/var/certificates/scfK8FqIH' does not exist or is empty

file: /usr/local/psa/admin/plib/Template/Writer/Webserver/Abstract.php
line: 75
code: 0

Please resolve the errors in web server configuration templates and generate the file again.

Typical nginx cert file error in this situation:
Code: 
Unable to generate the web server configuration file on the host <hostname> because of the following errors:

Template_Exception: nginx: [emerg] cannot load certificate "/usr/local/psa/var/certificates/scfAP7yzE": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/usr/local/psa/var/certificates/scfAP7yzE','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

file: /usr/local/psa/admin/plib/Template/Writer/Webserver/Abstract.php
line: 75
code: 0

Please resolve the errors in web server configuration templates and generate the file again.

The solution so far is to set the web server and webmail configuration to "no ssl" (no certificate usage), then open the certificate list and remove the now "unused" certificate from there. In another case the solution was to create a new certificate for both, because the certificate list did not show any certificates while the configuration checks of the webservers referenced entries to the (missing) certificate.
 
You must log in or register to reply here.

Similar threads

D
Resolved Let's Encrypt Certificate missing domain name
Replies
2
Views
447
davorg
D
Polli
Issue Mails only possible with a wildcard certificate
Replies
5
Views
551
Polli
Polli
Hangover2
Forwarded to devs SSL It! breaks renewal and usage of Let's Encrypt wildcard certificates when subdomains are involved
2 3
Replies
48
Views
21K
gsk
gsk
M
SSL certificate renewal, every 3 months? / Renovación de certificado SSL, cada 3 meses?
Replies
2
Views
971
Raul A.
R
M
Issue No Domain Reachable when nginx enabled
Replies
11
Views
7K
mvstns
M
Back
Top