I bought yesterday a SSL certificate from Comodo (PositiveSsl).
I have three files to install : the certificate itself, the Root certificate and the intermediate certificate.
Where can I add the intermediate certificate file ? Currently, a SSL report shows that the chains is broken (which is actually right).
My current configuration is: Ubtuntu Server 10.04, Plesk 11.5 and Roundcube 0.9.5 (installed via Plesk as the default webmail application) on Apache.
I played around with an SSL checker (https://www.ssllabs.com/ssltest/) to test my certificates and I found out that Roundcube delivered a broken certificate chain. It didn't deliver the intermediate certificate correctly. I searched through the configuration file of roundcube (/etc/apache2/plesk.conf.d/roundcube.conf) and discovered that there was only an entry for SSLCertificateFile.
To fix this I added the intermediate certificate via SSLCACertificateFile to the configuration file:
Code:
SSLCertificateFile "/opt/psa/var/certificates/cert-1sCtWB"
SSLCACertificateFile "/opt/psa/var/certificates/cert-FGLFqQ"
The only problem is that this configuration file is generated automatically:
Code:
#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
I've got an issue with the intermediate certificate, I need to provide additional to my certificate. As usual, I created a cert bundle with certs in following order:
- key data (BEGIN RSA PRIVATE KEY)
- crt data (BEGIN CERTIFICATE
- intermediate data (BEGIN CERTIFICATE)
And uploaded it successful to Plesk 12 certificate management. In Chrome, it's working. In Firefox not (as the intermediate cert is not provided by Plesk 12, and Firefox requires it).
How to inject the intermediate certificate for Plesk 12?
Code:
# cat /root/.autoinstaller/microupdates.xml
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<patches>
<product id="plesk" version="11.0.9" installed-at="20121209T212320">
<patch version="62" timestamp="" installed-at="20140723T035123" />
</product>
</patches>
Minutes after this microupdate auto-installed, I am unable to login to POP and IMAP on this server. None of the accounts are able to login. The logs indicate hundreds of login failures, accompanying a new record I've never seen in these logs:
Code:
pop3d-ssl: Unexpected SSL connection shutdown.
Unfortunately, I can't find anything about what MU#62 actually included. The changelog only indicates up to MU#61, so I'm very concerned:URL....
I've googled the specific error I'm seeing above, but nothing appears to be remotely related to this problem.Is it possible to roll back the MU to determine if that is in fact the problem?
Following the update from 11 to Plesk 12 (and installing latest Ubuntu fixes), the Plesk panel access is broken. Welcome page says:Can not load key: key is empty.And of course, no way to login the mgt interface. All services appear up, so this is only affecting the panel web service.
Fishing out the panel.log, it appears to be at a lower level than I initially thought (see below): experiencing issues after updating from 11 to 12 on Ubuntu (12)?
[18-May-2015 19:46:34 Europe/Berlin] PHP Warning: file_get_contents(/opt/psa/var/sso.sp.pem): failed to open stream: No such file or directory; File: /opt/psa/admin/externals/xmlseclibs.php, Line: 285
[18-May-2015 19:46:34 Europe/Berlin] Exception: PHP Warning: file_get_contents(/opt/psa/var/sso.sp.pem): failed to open stream: No such file or directory; File: /opt/psa/admin/externals/xmlseclibs.php, Line: 285
file: /opt/psa/admin/plib/Smb/Exception/Syntax.php
line: 56
[code]..
httpd fails to start after bootstrap. Log file below.
Warning: web server configuration is broken. We will try to repair it. This operation can take a lot of time, please do not interrupt the process.
Unable to rebuild web server configuration, possible there are broken domains
Trying to reconfigure web-server configurations skipping broken domains... Execution failed.
Command: httpdmng
Arguments: Array
(
[0] => --reconfigure-server
[1] => -no-restart
[2] => -service-node
[3] => local
)
[Code] ....
System:
Parallels Plesk v12.0.18_build1200140610.21 os_Ubuntu 14.04
Symptoms:
Whenever I click "File Sharing" in Plesk, I get the following error and no content is visible:
Internal error: Error in cURL request: IPv6 numerical address used in URL without bracketsClick to expand...
Unfortunately the encrypted FTP transfer is broken since Plesk upgraded to version 12. There are two cases:
Passiv FTP without encryption on port 21: everthing workes fine.
Passiv FTP with explicite TLS encryption on port 21: The control connection can be established by using TLS on port 21 but the data transfer can't be established by using passive mode (ETIMEDOUT - Connection attempt timed out)
I thought it could be a firewall issue but i'm currently unable to diable the firwall for testing since the configuration of the firewall is unreachable after upgrading to plesk 12! See second thread:URL....
All my sites using SSL are now broken and the panel says there are no certs.... I hope they are still there somewhere where I can find them.
View 6 Replies View RelatedI've have a problem with a server : we have create as usual certificate with Tools > SSL certificates.
When we want to put certificate with the domain, we don"t have the "Secure your sites" menu in the "websites and domains" sub category.
Why ? How can i activate the certificate with the domain ?
I have issue with qmail server. I want to update ssl certificate and for this i have replaced older servercert.pem with new servercert.pem file in /var / qmail/ control/. and restart service of qmail using qmailctl restart.But after updating this certificate my web browser still showing older certificate details.
View 1 Replies View RelatedI installed a new ssl certificate, changed it to be default and secure Plesk, switched the IP to use it. Now I wanted to remove the old one but it shows me that there is still one usage of this cert and I can't remove it. But how can I find what is using it?
View 5 Replies View RelatedI tried to remove the ssl certificate but although I have removed it from the IP I'm getting an error that it is still assigned to it. The solution in [URL] .... didn't work cause the Certificate field is grey out in my case.
View 1 Replies View RelatedI want to embed a SSL certificate for mailman permanently in the server.conf file.
For Roundcube I've found a manual: [URL] .... (in German), but not for Mailman.
I am replacing the default certificate in Plesk so that customers do not get a certificate warning when visiting the panel login page.
I've created the certificate in the "SSL Certificates" section made it default and used it to secure Plesk. However I've still got all the existing domains using the old default certificate, how can I do a mass changeover so that all existing domains are now using the new certificate?
I've updated the IP's to use the new certificate. When I go to "SSL Certificates" in "Tools and Settings", it seems that there are some domains now using the new certificate but quite a lot of the other are still not, how can I get these over too?
I’ve read the documentations of (PBAS, Plesk, and Securing Websites).how to add SSL Certificate to our Webmail? In addition, I need to know, how to request CSR key and install SSL for our mail server in order for us to protect our emails and to use the SSL Protocol in mail softwares such as Outlook? I will explain the scenario in details:
1- We have (www.example.com) which is our "Plesk Server hostname" and a subscription in our "Plesk Server".
2- We have (pbas.example.com) which is our "PBAS Server hostname" and it's not a subscription in our "Plesk Server".
3- We have (account.example.com) which is a "Subscription" in our "Plesk Server".
Here are the DNS records of our domain and subdomains:
Host-Type-Data
-A-192.168.1.30
www-A-192.168.1.30
mail-A-192.168.1.30
pbas-A-192.168.1.31
account-A-192.168.1.32
-MX-example.com.
how to generate CSR key for each domain/subdomain and how to install the SSL for it? Our "Plesk" is 11.5 and installed on CentOS 6.4.
When using `plesk bin --update domain.example.com -certificate-name 'certificate'`, Plesk always returns `Unable to find certificate`, I have verified the certificate exists using `plesk bin certificate -l -admin` and the spelling of the certificate name is correct. I can use the WebUI to associate the certificate to the site and have verified it works, however I need to automate this task.
Also, the online documentation for the `plesk bin site` command does not mention the `-certificate-name` option, however it is listed when running `plesk bin site -h`.
The documentation missing the information is found here: [URL] ....
I'm running Parallels Plesk 12 on Debian GNU/Linux 7.6...I have a valid certificate for my mail server : mail.mydomain.tld but I don't find the place in Plesk 12 to put it.
View 2 Replies View RelatedI installed a new certificate, made it default, assigned it to the shared ip address and made the plesk panel use it.
The problem is we have 200 virtual hosts using the old certificate. Is there a way to reconfigure all those domains easily.
My System:
Ubuntu 12.04
Plesk 12.0.18 Update #18
Only Webserver no mail
What I want:
I have an old sha1 certificate and I would change this for the whole server.
What I have done so far:
I have already uploaded the new sha256 certificate with a new private key to plesk (I can not simply replace the old one, plesk does not allow me to upload a new private key).
Then I set the new certificate as standard certificate and pressed the "secure pannel" button.
After that the panel uses the new certificate.
Then I set in "Tools & Settings -> IP Addresses" on both IP addresses the new certificate.
Reboot
But now the "Tools & Settings -> SSL Certificates" shows me that the old certificate is still used 2 times somewhere. But the Interface does not show where it is used. How can I find out where this certificate is used? I want to remove the old certificate from the server.
I am developing new module and installed SSL certificate using following API call.
Request call:
<packet>
<certificate>
<install>
[Code]....
But when i checked this domain by open in browser. the certificate is not installed. After lots of R&D i found that there are option of select SSL in hosting setting screen. The default selected SSL is "default certificate".
I have changed this option to "not selected".
After this changes i have installed certificate again and it is working fine. So is it bug in plesk or it is default behavior Plesk Panel?
I created a new SSL certificate and made that the default for the Panel in the SSL Certificates section. That works fine.
But my webmail URLs are still using the old certificate. E.g. https://webmail.mydomain.com
How do I update to the new certificate for webmail?
EDIT: creating a certificate for mydomain.com and using it in the Hosting Settings section did not work.
Outlook 2013 complains about the SSL certificate when using email. Installing the certificate still doesn't stop the error/warning. What are my options?
Can I install on the plesk server a self-signed SSL cert and avoid the issues?
Can I buy & install a single certificate for that one domain and resolve the issue but not affect others.
Do I need to buy a SAN certificate for the whole server?
BTW I'm running CentOS 6.5 and Plesk 12.
My default certificate expired recently. I created a new certificate "default certificate 2".
I used this certificate for "Secure the Panel"
I went to "Tools and Settings" -> "IP addresses" and made this certificate the default for all the IPs. On the page "Tools and Settings" -> "SSL certificates", it says Used: 0 next to "default certificate".
But when I try to delete it, it tells me: "Error: Unable to remove certificates: one or several certificates are assigned to the IP addresses/domains."
Is there anywhere I can check where this certificate is still used?
Any domain using a SSL certificate is switched to the default certificate after each Plesk update?This is starting to get annoying and we are disabling automatic updates due to this error...
View 2 Replies View RelatedI just upgraded from Plesk 11.x to 12.0.18 and was eager to try the new sieve functions. I used the normal Plesk Updates/Upgrades tool to change the imap server from Courier to Dovecot. However, Dovecot will not start. It gives an error about /etc/dovecot/private/ssl-cert-and-key.pem missing.
View 2 Replies View RelatedI have a new Plesk 12 installation. I have configured a domain (example.com) with hosting that also requires wildcard subdomains.
To achieve this I had to create a vhost.conf file with...
ServerAlias *.example.com
This works and I can go to http://anything.example.com with no issue.
I purchased a wildcard SSL certificate for *.example.com and successfully installed it.
If I go to https://example.com it works perfectly and shows the correct certificate, however if I go to https://anything.example.com it tells me the connection is untrusted, when I view the certificate, it shows the Parallels Plesk self certified certificate and not my purchased certificate.
I created a vhost_ssl.conf with
ServerAlias *.example.com
ServerAlias *.example.com:443 #tried with and without this line
If I add an exception in the browser, then I am taken to the correct place, albeit with the incorrect certificate.
Of course I have executed httpdmng --reconfigure-domain example.com and also tried a full reboot.
In summary:
http://example.com - works
http://anything.example.com - works
https://example.com works with my certificate
https://anything.example.com has Parallels certificate but routes to correct page
After installing a RapidSSL certificate in a subdomain, https redirects automatically to http,
Plesk 11.5 with debian and last version openssl
Why https redirect to http when I setup the certificate?
I have little problem with Certificate SSL
Have Plesk 12 in Centos...all working fine...but I have assigned dedicated IP for one domain, have request certificate (as admin) for this domain, purchase certificate in Comodo and installed...this certificate working fine and SSL Checker is good...problem is in domain how have assigned this certificate in menu SSL not appear...
I have only Default Certificate (certificate Plesk self signed) and Not Selected...but name for real certificate CA not appear...in Admin IP Address have all ok...IP for this domain and certificate (name of certificate installed) and website.... With this problem is normal? How configure SSL for email?
When i add the private key and certificate via plesk panel, i get the following error:
ERR [panel] Unable to set the certificate: Unable to put certificate file: Unable to arrange cert file: file_put_contents failed:
"Unable to set the certificate: Invalid certificate format." when i enter my key..
How can i fix this problem?