Plesk 12.x / Linux :: Disabling Weak SSL Ciphers - Sites Are Down
Jul 8, 2015
After successfully changing to a fresh created dhparam pem and a reissue of my certificate all was well.
A couple of other things needed to be done so I followed the article: [URL] ....
nginxDomainVirtualHost.php was already present so the only thing I did was adding the ciphers I got from another site (ciphers that also gave me XP and IE8 support etc.)
After executing the httpdmng --reconfigure-all command I instantly got a error message:
Details: (timestamp) ERR [util_exec] proc_close() failed
(timestamp) ERR [panel] Apache config (14364042360.16209100) generation failed:
Template_Exception: nginx: [emerg] unknown directive "HIGH:!aNULL:!MD5"
[Code] .....
Why are "HIGH:!aNULL:!MD5" unknown directives? How can I merge:
ssl_ciphers
EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:
ECDHE-RSA-AES128-GCM-SHA256HE-RSA-AES256-GCM-SHA384HE-RSA-AES128-GCM-SHA256:
ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:
[Code] ....
into these these automatically created @domainname.conf files of all my sites without getting this error.
I'm hosting 5 sites, all 5 sites are down now because of the missing conf files.
View 9 Replies
ADVERTISEMENT
Nov 9, 2014
I am testing our Plesk linux-server (Plesk 12.0.18 on RHEL 6.6 x64) for SSL high security configuration with Qualys SSL Labs reccomendations (https://www.ssllabs.com/ssltest/).
Best choise today is using Elliptic Curves Ciphers Suite for secure-connection negotiating, but I could not force plesk-contributed sw-nginx to using elliptic curves ciphers suite (sw-nginx-1.6.0-1.14051516.rhel6.x86_64):
when place ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDH+AESGCM; to nginx server and vhost configurations, then secure negotiation is not established.
Starting from RHEL6.5 Red Hat contribute openssl with EC ciphers - https://access.redhat.com/documenta...erprise_Linux/6/html-single/6.5_Release_Notes (openssl-1.0.1e-30.el6_6.4.x86_64)
OpenSSL on live system shows these ciphers:
openssl ciphers -v | grep ECDHE
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
I think, the problem is that the sw-nginx is compiled with old openssl binaries without elliptic curves support.Can Plesk development team recompille and release updated sw-nginx package..Сan use genuine nginx package from official nginx repository instead of sw-nginx package?
View 5 Replies
View Related
Aug 23, 2014
Many of our clients create e-mail accounts that forward incoming e-mail to mailboxes hosted on other e-mail services. e.g., Gmail.
Lately, though, a handful of these accounts have been receiving a lot of spam (i.e., UCE) and that's been causing a lot of damage to our reputation with these other e-mail services because the message that's being forwarded appears to have originated from our servers.
Code:
<someuser@gmail.com>: host gmail-smtp-in.l.google.com[64.233.183.27]
said: 552-5.7.0 This message was blocked because its content presents a
potential 552-5.7.0 security issue. Please visit 552-5.7.0
http://support.google.com/mail/bin/answer.py?answer=6590 to review our 552
5.7.0 message content and attachment content guidelines.
g20si28780491ici.46 - gsmtp (in reply to end of DATA command)
Is there some way to...
Find accounts that are configured to forward to gmail?
Disable forwarding in accounts that are configured to forward to gmail?
View 4 Replies
View Related
Apr 15, 2015
I'm trying to get a list of all sites on a Plesk 12 server. This is the request:
Code:
<?xml version="1.0" encoding="UTF-8"?>
<packet version="1.6.6.0">
<site>
[Code].....
View 4 Replies
View Related
Apr 30, 2015
Started after last update 12.0.18 Update #44 (on CloudLinux): I can send mail wia created mailboxes, but sites can not send mail, contact forms say "Failed to send your message." maillog file also do not indicate sending any messages from domains. Wordpress restore password claims:
"The e-mail could not be sent.
Possible reason: your host may have disabled the mail() function."
php.ini is default:
safe_mode = Off
disable_functions = is empty
The issue about not sending mail from domains was - old versions of LVE anf CageFS are incompatible with latest plesk update, updating them caused all sites in Cagefs to throw error 500 with log string: "SecureLVE jail error Invalid regexps: no match for path to base home directory". It was fixed by changing cagefs.base.home.dirs regexp to the real sites folder location. Enabling cagefs back removed one of the files it shouldn't:
"Removed file /var/cagefs/81/xxx/etc/php.d/soap.ini"
So be carefull to place necesssary files back.
For now everything works.
Click to expand...
Click for original message
View 8 Replies
View Related
Sep 9, 2014
I just want to remove plesk and installed again. i saw (URL...) this page. use this code but plesk not removed. my sites are gone.how can i get back my site? what i should install.When i try install plesk 12 says you already install version 11.0.9
View 7 Replies
View Related
Dec 17, 2014
We have installed Plesk 12 on a fresh up to date Ubuntu 14.04 x64 server.
After installation, and before any migration, we have moved some folders:
- /var/www/vhosts -> /opt/vhosts
- /var/qmail -> /opt/qmail
- /var/mysql -> /opt/mysql
We have created symlinks, modified some configuration files (Plesk included) and ran domains reconfiguration script (zero domain installed, but just in case the script will do anything else).
After that, we have launched Plesk Migration Wizard (from Plesk 9 to last release).
Everything has worked fine: all domains have been migrated on our new folders (/opt based) and owners has been correctly defined for each domain. The same for MySQL and all mail accounts.
We have checked Apache VirtualHost configured by Plesk Migration Wizard : our new folders are used (/opt).
So all seems to be ok.
But now, all websites (configured with Apache and Apache PHP module) returns 403 Forbidden error.
We have try changing to FastCGI with Apache same error.
We have try changing to full Nginx (PHP and static files), some websites run.
We have checked some KB (112884, 800) but all seems to be good.
Is there any steps we have omitted when we move folders ?
View 11 Replies
View Related
Jun 21, 2015
I am seeing some some some strange behaviour when password protecting directories served by nginx and PHP-FPM. If I have a site set up so that 'Process PHP by nginx' is selected under ('Websites & Domains>Web Server Settings>nginx settings') and set up password protection ('Websites & Domains>Password-Protected Directories') PHP pages are still served without asking for a password.
If I untick 'Process PHP by nginx' the behaviour returns to normal and an attempt to any access files results in the password request.Is this behaviour by design? If so, it is not made clear when you set up the password protection that it will not apply to PHP pages if you have nginx process the PHP pages.
OS: CentOS 6.6 (Final)
Plesk version: 12.0.18 Update #51
View 2 Replies
View Related
Dec 29, 2014
Today I reboot my server. And after that my sites are not opening.
View 2 Replies
View Related
Sep 25, 2014
OS: Centos 6.5
Plesk Version: 12.0.18
Recently, we had trouble with Horde, which I Re-installed. However, since then any change that is made to a domain in plesk (changing mailbox settings, domain settings, hosting settings) All website show the default plesk page and I will have to re-run the reconfigure-all command in SSH to bring them all back up. Sometimes even that won't work and I will have to re-run the bootstrap repair command. We were actually on Plesk 11 when this started happening, so we upgraded to Plesk 12, but unfortunately this did not fix the issue.
We have around 500 customer websites on this server, so obviously the changes are made often and the sites going down on every change isn't great at all.
I have a long list of these errors in my error Plesk error log:
2014/09/25 17:31:53 [error] 818#0: *1566 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: *.*.*.*, server: , request: "$
But I can't seem to find out if this is the cause, or how to fix this error correctly on a Plesk install.
View 1 Replies
View Related
Nov 12, 2014
I am trying to increase the PHP memory limit for all Plesk hosted sites.
I've updated the 'memory_limit' setting in /etc/php.ini
Then I ran
Code:
/usr/local/psa/admin/sbin/httpdmng --reconfigure-all
/usr/local/psa/admin/sbin/httpdmng --reconfigure-server
Checking a phpinfo() page on hosted sites I see that this setting has not been effective.
Checking some /var/www/vhosts/system/domain.com/etc/php.ini also shows the old setting, and I can see that these files have not been updated.
I note that all these domain php.ini files have been modified earlier today, all at the same time, so presumably some process did regenerate them earlier. All these files hae the "DO NOT MODIFY ..." heading
I realise that I can go the the domain in Plesk GUI and save the PHP settings to force an update, but is there anyway to force the regeneration of all of these files via CLI?
View 3 Replies
View Related
Oct 22, 2014
When I turn on nginx for the server I am able to browse non SSL protected sites correctly. I receive a 502 Bad Gateway error on any sites that have an SSL certificate. Is there a fix for this? I have been unable to find one.
I am running Plesk 12 on an Ubuntu server.
View 6 Replies
View Related
Nov 14, 2014
I have a new DS with Plesk 12. I needed to change the default /var/www/vhosts location to a different physical drive, with more capacity.The larger disk is mounted as /disk1, so I created a folder here called vhosts, moved everything from the existing /var/www/vhosts directory, then I mounted /disk1/vhosts as /var/www/vhosts. See my fstab output below.
I then edited /etc/psa/psa.conf to update the VHOSTS location as per [URL] ...., and restarted Apache, MySQL and reconfigured domains.I thought all was OK, and that Plesk would just see /var/www/vhosts as normal, but I proceeded to migrate domains from another server to this box, and found that whilst some sites were working OK, many were not.
I was finding that existing config directives that used <Directory> were being ignored or seemed to disappear.All sites with .htaccess files stopped workingWe would get Apache / PHP errors saying that files could not be accessed as they were not in the allowed path for the domain. Plesk seems to be logging, reporting, and handling files as if they were in /disk1/vhosts, not the usual location. I have got sites working by adding /var/www/vhosts/ domain and /disk1/vhosts/domain to the PHP Settings page as allowed paths.
I have checked in the httpd.conf for each domain, and they all list the site document root as /disk1/vhosts/domain, not /var/www/vhosts/domain.It's as if Plesk is ignoring the change in /etc/psa/psa.conf.
All I want is for Plesk to think that /var/www/vhosts is the document root for all domains, and not do anything with /disk1/vhosts. I have many sites with hard coded links to included files in /var/www/vhosts/domain, and I dont want to have to rewrite them all to use /disk1/vhosts.
I have had to stick HTTP configuration directives on nearly every site, and add these entries to the allowed paths box, which obviously I should not have to do. Can any Plesk / Linux gurus tell me what I need to do to fix my problem, get sites working in /var/www/vhosts, and have Plesk allow .htaccess files to work without me having to add "AllowOverride All" to every domains??
# /etc/fstab
# Created by anaconda on Tue Oct 14 05:22:57 2014
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
[code]....
View 2 Replies
View Related
Sep 25, 2014
All my sites using SSL are now broken and the panel says there are no certs.... I hope they are still there somewhere where I can find them.
View 6 Replies
View Related
Nov 19, 2014
I have a Plesk 12 server running that works great. But the problem is that whenever one of my shared hosting customers changes something out a domain or subdomain, all the other sites on the server give a 502 error.
The reason why is clear to me: apache is reloading its config while nginx is still active, but sees apache as being down and therefor throws a 502 error.
Is there any way to prevent this from happening? Because it's happening a lot and people are sending in 'site down' reports while there's actually nothing wrong with the server or their site.
View 2 Replies
View Related
Apr 6, 2015
Since hour ago my sites just stopped and Plesk, too. Error when trying to open plesk is:
ERROR: Zend_Db_Adapter_Exception: SQLSTATE[HY000] [2002] No such file or directory (Abstract.php:144)
Plesk just won't start.
View 1 Replies
View Related
Apr 2, 2015
I run a centos 6 plesk 12 server with around 7 domains.All runs perfect untill a 3 hours ago. The server was offline.After reboot plesk starts up without a problem but the sites keep offline. While httpd and mysqld and psa runs perfect.Also cannot find error messages in the messages, error_log or anything. How to proceed debugging?
View 2 Replies
View Related
Jun 8, 2014
OSCentOS 5.6 (Final)
Panel version11.0.9 Update #61
The system is up-to-date; last checked at June 6, 2014 03:32 AM
I use pingdom to alert me when sites go down. It would happen only once every few weeks, and I'd just reboot the VPS from my provider's control panel, however in the last 24 hours it has started doing it more and more often. The only change I have made in this time is to delete a few unused web sites.
When I get alerted, I check the the domains and they won't load. I look at the plesk control panel page thought and that does work.
I can SSH in, but I can't see anything that might work in the messages log.
I removed the plesk control panel error as that only seemed to happen once and is not happening anymore.
I saw quite a few entries in the /var/log/secure log and so I added iptables rules to only allow SSH access from my own IP and to DROP all other requests. It seemed fine for a while, but after 12 hours it has started becoming unresponsive again until reboot.
View 4 Replies
View Related
Jan 31, 2015
For some reason I am having issues with latest Plesk with php and wordpress. HTML sites are fine, but all php and wordpress sites are giving a 502 error after fully migrating. I repaired with Webserver Configurations Troubleshooter and rebooted and its still giving me the same issue.Also, noticed my previous server had php 5.4.36, the new CentOS server has 5.4.37.
View 5 Replies
View Related
Apr 10, 2013
We are currently running ColdFusion 9 on an Apache server. After running a Webinspect scan for one of our web applications, a weak cipher vulnerability was flagged as critical. Their recommended change to the httpd.conf file is listed below. We made the change and restarted our server but the same vulnerability came up again. How to eliminate the weak cipher vulnerability?
SSLCipherSuite ALL:!aNull:!ADH:!eNull:!LOW:!EXP:!NULL:RC4+RSA:+HIGH:+MEDIUM
View 3 Replies
View Related
Aug 31, 2014
I have some error with my server. All my sites are inaccessible.
Code:
Template_Exception: nginx: [emerg] SSL_CTX_use_PrivateKey_file("/opt/psa/var/certificates/cert-ao0glw") failed (SSL: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:Type=X509_ALGOR error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO error:0907B00D:PEM
[Code] .....
View 2 Replies
View Related
Apr 18, 2007
I have RH ES4 running as a vhost on Plesk.
Does anyone know how I can turn off IonCube? I don't see the .so for IonCube in php.ini
View 4 Replies
View Related
Oct 23, 2007
how can i fix my dns problem?
it's shutdown now for 3-5 hours then it's back again!
but i have root login and the ip still work
View 14 Replies
View Related
Oct 30, 2007
I'm going to migrate my current web server to Plesk soon, and before I would like to know if I need a stable Internet connection to use the migration tool. My sites and databases are more than 5GB and my Internet connection at home is not very stable currently, so I would like to know if the migration stops as soon my Internet connection interrupts, or if it's completes automatically between the two servers once the migration has been started.
View 5 Replies
View Related
Dec 15, 2014
We are having an issue with websites randomly getting disabled within our PPA system. There doesn't seem to be any reason why they are getting disabled. Our PPA is not tied to a billing system that would make them shut off. Turning them back on works fine but it shouldn't be just shutting them off.
View 2 Replies
View Related
Sep 5, 2007
Does anyone know of a hosting Linux package (must be UK based) that has the usuals (PHP, MySQL, subdomains, email, Apache ModRewrite) that is geared towards hosting lots of low bandwidth sites?
I use several great hosters but they limit the amount of addon domains or charge you through the roof for extra ones. I'm thinking a package that will let me do 15 - 25 domains. More would be a bonus. The bandwidth allowance is not a problem. A lot of my customers' sites use less than 100 MB a month.
View 5 Replies
View Related
Jan 29, 2007
When trying to access any web sites or webmail on a plesk server i keep getting the following.
Forbidden
You don't have permission to access / on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Nothing as far as i can see has changed on the server.
I cant access plesk control panel due to network restrictions but have command line access.
what could of caused this blanket ban?
Cant see any changes in .htaccess files, but didnt think that plesk would affect these much anyway
View 5 Replies
View Related
Sep 8, 2013
I do wanted to know if there is any option to program plesk, so that it does separately backups of all sites instead of doing a globally backup of all things in one file.
I do not mind that people an synchronize their account with one of their ftp servers to do backups but what I do want is me also to do backups of all sites separately.
View 5 Replies
View Related
Jan 6, 2015
We have several sites on one server. When I use the plesk wordpress manager it some how updates the User and Group permissions on folders and files with the username apache. How or what command do I run to get it to use the site username and psacln. It appears something maybe in an update or whatever has caused this issue. This only occurs with wordpress and drupal updates from the plesk interface.
What command can I run just to update the permissions to update all users to a username and psacln security settings on folders and directories.Running Plesk 12.0.18 and CentOS7
View 1 Replies
View Related
Jan 27, 2014
On windows 2008 server with Plesk 11.5, the Secure your Sites option is not displayed. In addition unable to share SSL certificates across many sites with shared IP address.
View 4 Replies
View Related
