Default self-signed certificate is generated during Plesk installation

Symptoms

In some cases, when you install your trusted SSL certificate on Plesk, a self-signed certificate is displayed. This causes browser warning when accessing your domain via secure connection, for example:

pleskerr1

Cause

Such a situation occurs only when the domain you are trying to access and your server hostname match. Thus, when accessing https://domain.tld, the warning about localhost.localdomain (or another) default certificate is displayed. Even if you have not installed a self-signed certificate yourself, this might have been done by a service provider. It can also be installed automatically during initial Plesk installation.

In that case, a default SSL Virtual Host located in “/etc/httpd/conf.d/ssl.conf” sets up SSL certificates for all Virtual Hosts with the same name.

This being said, due to the way how mod_ssl interprets the configuration, all Virtual Hosts with the same name do not override mod_ssl settings and thus, the certificate stays the same in “/etc/httpd/conf.d/ssl.conf”.

Resolution

Workaround 1. Using the Plesk panel interface.
After a new certificate has been uploaded to Plesk and you wish to use it for domains, you should set it for every IP address you need. First of all, make sure the domain/IP is bound up with the correct (valid) certificate. To check it, go to Tools & Settings >> IP addresses management and change domain/IP to use the correct certificate:

pleskerr2

Workaround 2. Using server configuration file.
If you have root access to your server, then the following workaround can be applied. It is important to double-check all the files matching “/etc/httpd/conf.d/*.conf” for CentOS/RHEL (or /etc/apache2/conf.d/*.conf for Debian/Ubuntu systems) to find out the lines related to Virtual Host by running the following command in terminal:

  • for CentOS/RHEL:
  • # grep -iR '^[[:space:]]*<VirtualHost' /etc/httpd/conf.d/* | grep "_default_"

  • for Ubuntu/Debian:
  • # grep -iR '^[[:space:]]*<VirtualHost' /etc/apache2/conf.d/* | grep "_default_"

NB: name of the configuration file may also vary:

apache2.conf
httpd-ssl.conf
ssl.conf
default-ssl.conf

The example of the command looks in the following way: # grep -iR '^[[:space:]]*<VirtualHost' /etc/httpd/conf.d/* | grep "_default_" /etc/httpd/conf.d/ssl.conf:<VirtualHost _default_:443>

If the command returns the output, containing the configuration files that match the requested criteria, it is necessary to modify the listed files (like /etc/httpd/conf.d/ssl.conf in the example above) and comment out all the lines starting from <VirtualHost _default_:443> up to </VirtualHost>.

Please pay attention to the fact that you will need to stop and start (not just restart) your Apache server:

# apachectl stop

# apachectl start

Once the above actions are performed, your SSL certificate should be displayed correctly and no warning message should be shown. Feel free to check the installation of your SSL certificate here.

Should you have any difficulties during the process, feel free to contact our SSL Support Team via Live Chat or in a ticket for assistance!

Comments

We welcome your comments, questions, corrections and additional information relating to this article. Your comments may take some time to appear. Please be aware that off-topic comments will be deleted.

If you need specific help with your account, feel free to contact our Support Team. Thank you.

Need help? We're always here for you.

× Close