Plesk Can't Reload or Cancel SSL/TLS Certificate

Help
21

I was able to download a server report which includes httpd.conf, is that what you are referring too or should I be looking for the /var/www/vhosts/system/**<domain_name>**/conf/` directory? Not exactly sure how to view root web server files.

22

SSL:TLS Certificate Page 1
SSL:TLS Certificate Page 11926×694 47.4 KB

That is what shows on the SSL/TLS Certificate page.

SSL:TLS Certificate Page 2
SSL:TLS Certificate Page 22398×1210 234 KB

That is what shows if I click Reload.

SSL:TLS Certificate Page 3
SSL:TLS Certificate Page 31840×1160 143 KB

If I click Cancel I get this.

SSL:TLS Certificate Page 4
SSL:TLS Certificate Page 41192×514 34.1 KB

If I click Yes, cancel I get the Install button, but then I click Get it free and it goes back to the second screenshot.

23

That sounds right.

2 Likes
24

You mean the first button from your last screenshot?

3 Likes
25

Sorry, when I click Install I can configure the certificate, then on that page I click Get it free and to goes back to this screenshot...

SSL:TLS Certificate Page 2
SSL:TLS Certificate Page 22398×1210 234 KB

26

Does that page with the "Get it free" button have any other options?

3 Likes
27 
<IfModule mod_ssl.c>

        <VirtualHost 70.32.66.107:7081 >
                ServerName "loftyliterature.com"
                ServerAlias "www.loftyliterature.com"
                ServerAlias "ipv4.loftyliterature.com"
                ServerAlias "loftyliterature.ca"
                ServerAlias "www.loftyliterature.ca"
                ServerAlias "ipv4.loftyliterature.ca"
                ServerAlias "paulahiscox.ca"
                ServerAlias "www.paulahiscox.ca"
                ServerAlias "ipv4.paulahiscox.ca"
                ServerAlias "paulahiscox.com"
                ServerAlias "www.paulahiscox.com"
                ServerAlias "ipv4.paulahiscox.com"
                ServerAlias "rudydornhoffer.ca"
                ServerAlias "www.rudydornhoffer.ca"
                ServerAlias "ipv4.rudydornhoffer.ca"
                ServerAlias "rudydornhoffer.com"
                ServerAlias "www.rudydornhoffer.com"
                ServerAlias "ipv4.rudydornhoffer.com"
                UseCanonicalName Off

                CustomLog /var/www/vhosts/system/loftyliterature.com/logs/access_ssl_log plesklog
                ErrorLog "/var/www/vhosts/system/loftyliterature.com/logs/error_log"

                DocumentRoot "/var/www/vhosts/loftyliterature.com/httpdocs"

                <IfModule mod_suexec.c>
                        SuexecUserGroup "loftyliterature.ca_umar9uwupr" "psacln"
                </IfModule>

                <IfModule mod_userdir.c>
                        UserDir "/var/www/vhosts/loftyliterature.com/web_users/*"
                </IfModule>

                <IfModule mod_sysenv.c>
                        SetSysEnv PP_VHOST_ID "5020f857-93a8-44c3-9e6a-fa2ee51bb22b"
                </IfModule>

                Alias "/plesk-stat" "/var/www/vhosts/system/loftyliterature.com/statistics"
                <Location  /plesk-stat/>
                        Options +Indexes
                </Location>
                <Location  /plesk-stat/logs/>
                        Require valid-user
                </Location>
                Alias /webstat /var/www/vhosts/system/loftyliterature.com/statistics/webstat
                Alias /webstat-ssl /var/www/vhosts/system/loftyliterature.com/statistics/webstat-ssl
                Alias /ftpstat /var/www/vhosts/system/loftyliterature.com/statistics/ftpstat
                Alias /anon_ftpstat /var/www/vhosts/system/loftyliterature.com/statistics/anon_ftpstat
                Alias /awstats-icon /usr/share/awstats/wwwroot/icon

                SSLEngine on
                SSLVerifyClient none
                SSLCertificateFile /usr/local/psa/var/certificates/certTqbbZeh

                <Directory /var/www/vhosts/loftyliterature.com/httpdocs>

                        <IfModule mod_fcgid.c>
                                <Files ~ (\.fcgi$)>
                                        SetHandler fcgid-script
                                        Options +ExecCGI
                                </Files>
                        </IfModule>
                        <IfModule mod_proxy_fcgi.c>
                                <Files ~ (\.php$)>
                                        SetHandler proxy:unix:/var/www/vhosts/system/loftyliterature.com/php-fpm.sock|fcgi://127.0.0.1:9000
                                </Files>
                        </IfModule>

                        SSLRequireSSL

                        Options -Includes -ExecCGI

                </Directory>

                <Directory "/var/www/vhosts/system/loftyliterature.com/statistics">
                        AuthType Basic
                        AuthName "Domain statistics"
                        AuthUserFile "/var/www/vhosts/system/loftyliterature.com/pd/d..httpdocs@plesk-stat"
                        require valid-user
                </Directory>

                Alias /error_docs /var/www/vhosts/loftyliterature.com/error_docs
                ErrorDocument 400 /error_docs/bad_request.html
                ErrorDocument 401 /error_docs/unauthorized.html
                ErrorDocument 403 /error_docs/forbidden.html
                ErrorDocument 404 /error_docs/not_found.html
                ErrorDocument 500 /error_docs/internal_server_error.html
                ErrorDocument 405 /error_docs/method_not_allowed.html
                ErrorDocument 406 /error_docs/not_acceptable.html
                ErrorDocument 407 /error_docs/proxy_authentication_required.html
                ErrorDocument 412 /error_docs/precondition_failed.html
                ErrorDocument 414 /error_docs/request_uri_too_long.html
                ErrorDocument 415 /error_docs/unsupported_media_type.html
                ErrorDocument 501 /error_docs/not_implemented.html
                ErrorDocument 502 /error_docs/bad_gateway.html
                ErrorDocument 503 /error_docs/maintenance.html

                DirectoryIndex "index.html" "index.cgi" "index.pl" "index.php" "index.xhtml" "index.htm" "index.shtml"
                <IfModule mod_rewrite.c>
                        RewriteEngine On
                        RewriteCond %{HTTP_HOST} ^loftyliterature\.ca$ [NC,OR]
                        RewriteCond %{HTTP_HOST} ^www\.loftyliterature\.ca$ [NC]
                        RewriteRule ^(.*)$ https://loftyliterature.com$1 [L,R=301]
                        RewriteCond %{HTTP_HOST} ^paulahiscox\.ca$ [NC,OR]
                        RewriteCond %{HTTP_HOST} ^www\.paulahiscox\.ca$ [NC]
                        RewriteRule ^(.*)$ https://loftyliterature.com$1 [L,R=301]
                        RewriteCond %{HTTP_HOST} ^paulahiscox\.com$ [NC,OR]
                        RewriteCond %{HTTP_HOST} ^www\.paulahiscox\.com$ [NC]
                        RewriteRule ^(.*)$ https://loftyliterature.com$1 [L,R=301]
                        RewriteCond %{HTTP_HOST} ^rudydornhoffer\.ca$ [NC,OR]
                        RewriteCond %{HTTP_HOST} ^www\.rudydornhoffer\.ca$ [NC]
                        RewriteRule ^(.*)$ https://loftyliterature.com$1 [L,R=301]
                        RewriteCond %{HTTP_HOST} ^rudydornhoffer\.com$ [NC,OR]
                        RewriteCond %{HTTP_HOST} ^www\.rudydornhoffer\.com$ [NC]
                        RewriteRule ^(.*)$ https://loftyliterature.com$1 [L,R=301]
                </IfModule>

                <Directory /var/www/vhosts/loftyliterature.com>
                        AllowOverride AuthConfig FileInfo Indexes Limit Options=Indexes,SymLinksIfOwnerMatch,MultiViews,FollowSymLinks,ExecCGI,Includes,IncludesNOEXEC
                </Directory>

                #extension letsencrypt begin
                Alias /.well-known/acme-challenge "/var/www/vhosts/default/htdocs/.well-known/acme-challenge"

                <Location /.well-known/acme-challenge/>
                        # Require all granted
                        Order Deny,Allow
                        Allow from all
                        Satisfy any
                </Location>

                <LocationMatch "^/.well-known/acme-challenge/(.*/|)\.">
                        # Require all denied
                        Order Allow,Deny
                        Deny from all
                </LocationMatch>
                #extension letsencrypt end

                #extension wp-toolkit begin
                # "Block access to wp-config.php"
                # To remove this rule, revert this security measure on each WordPress installation on this domain
                <Files wp-config.php>
                        Require all denied
                </Files>

                # "Block directory browsing"
                # To remove this rule, revert this security measure on each WordPress installation on this domain
                <Directory "/var/www/vhosts/loftyliterature.com/httpdocs">
                        Options -Indexes
                </Directory>

                # "Block access to sensitive files"
                # To remove this rule, revert this security measure on each WordPress installation on this domain
                <LocationMatch "(?i:(?:wp-config\\.bak|\\.wp-config\\.php\\.swp|(?:readme|license|changelog|-config|-sample)\\.(?:php|md|txt|htm|html)))">
                        Require all denied
                </LocationMatch>

                # "Disable PHP execution in cache directories"
                # To remove this rule, revert this security measure on each WordPress installation on this domain
                <LocationMatch "(?i:.*/cache/.*\\.ph(?:p[345]?|t|tml))">
                        Require all denied
                </LocationMatch>

                #extension wp-toolkit end

                #extension sslit begin

                #extension sslit end

                #extension sectigo begin
                AliasMatch "^/.well-known/pki-validation/(?!fileauth.txt)$" "/var/www/vhosts/default/htdocs/.well-known/pki-validation/$1"

                <Location /.well-known/pki-validation/>
                        # Require all granted
                        Order Deny,Allow
                        Allow from all
                        Satisfy any
                </Location>

                <LocationMatch "^/.well-known/pki-validation/(.*/|)\.">
                        # Require all denied
                        Order Allow,Deny
                        Deny from all
                </LocationMatch>
                #extension sectigo end
        </VirtualHost>

</IfModule>

<VirtualHost 70.32.66.107:7080 >
        ServerName "loftyliterature.com"
        ServerAlias "www.loftyliterature.com"
        ServerAlias "ipv4.loftyliterature.com"
        ServerAlias "loftyliterature.ca"
        ServerAlias "www.loftyliterature.ca"
        ServerAlias "ipv4.loftyliterature.ca"
        ServerAlias "paulahiscox.ca"
        ServerAlias "www.paulahiscox.ca"
        ServerAlias "ipv4.paulahiscox.ca"
        ServerAlias "paulahiscox.com"
        ServerAlias "www.paulahiscox.com"
        ServerAlias "ipv4.paulahiscox.com"
        ServerAlias "rudydornhoffer.ca"
        ServerAlias "www.rudydornhoffer.ca"
        ServerAlias "ipv4.rudydornhoffer.ca"
        ServerAlias "rudydornhoffer.com"
        ServerAlias "www.rudydornhoffer.com"
        ServerAlias "ipv4.rudydornhoffer.com"
        UseCanonicalName Off

        CustomLog /var/www/vhosts/system/loftyliterature.com/logs/access_log plesklog
        ErrorLog "/var/www/vhosts/system/loftyliterature.com/logs/error_log"

        DocumentRoot "/var/www/vhosts/loftyliterature.com/httpdocs"

        <IfModule mod_suexec.c>
                SuexecUserGroup "loftyliterature.ca_umar9uwupr" "psacln"
        </IfModule>

        <IfModule mod_userdir.c>
                UserDir "/var/www/vhosts/loftyliterature.com/web_users/*"
        </IfModule>

        <IfModule mod_sysenv.c>
                SetSysEnv PP_VHOST_ID "5020f857-93a8-44c3-9e6a-fa2ee51bb22b"
        </IfModule>

        Redirect permanent /plesk-stat https://loftyliterature.com/plesk-stat
        Redirect permanent /webstat https://loftyliterature.com/webstat
        Redirect permanent /webstat-ssl https://loftyliterature.com/webstat-ssl
        Redirect permanent /ftpstat https://loftyliterature.com/ftpstat
        Redirect permanent /anon_ftpstat https://loftyliterature.com/anon_ftpstat
        Redirect permanent /awstats-icon https://loftyliterature.com/awstats-icon

        <IfModule mod_ssl.c>
                SSLEngine off
        </IfModule>

        <Directory /var/www/vhosts/loftyliterature.com/httpdocs>

                <IfModule mod_fcgid.c>
                        <Files ~ (\.fcgi$)>
                                SetHandler fcgid-script
                                Options +ExecCGI
                        </Files>
                </IfModule>
                <IfModule mod_proxy_fcgi.c>
                        <Files ~ (\.php$)>
                                SetHandler proxy:unix:/var/www/vhosts/system/loftyliterature.com/php-fpm.sock|fcgi://127.0.0.1:9000
                        </Files>
                </IfModule>

                Options -Includes -ExecCGI

        </Directory>

        <Directory "/var/www/vhosts/system/loftyliterature.com/statistics">
                AuthType Basic
                AuthName "Domain statistics"
                AuthUserFile "/var/www/vhosts/system/loftyliterature.com/pd/d..httpdocs@plesk-stat"
                require valid-user
        </Directory>

        Alias /error_docs /var/www/vhosts/loftyliterature.com/error_docs
        ErrorDocument 400 /error_docs/bad_request.html
        ErrorDocument 401 /error_docs/unauthorized.html
        ErrorDocument 403 /error_docs/forbidden.html
        ErrorDocument 404 /error_docs/not_found.html
        ErrorDocument 500 /error_docs/internal_server_error.html
        ErrorDocument 405 /error_docs/method_not_allowed.html
        ErrorDocument 406 /error_docs/not_acceptable.html
        ErrorDocument 407 /error_docs/proxy_authentication_required.html
        ErrorDocument 412 /error_docs/precondition_failed.html
        ErrorDocument 414 /error_docs/request_uri_too_long.html
        ErrorDocument 415 /error_docs/unsupported_media_type.html
        ErrorDocument 501 /error_docs/not_implemented.html
        ErrorDocument 502 /error_docs/bad_gateway.html
        ErrorDocument 503 /error_docs/maintenance.html

        DirectoryIndex "index.html" "index.cgi" "index.pl" "index.php" "index.xhtml" "index.htm" "index.shtml"
        <IfModule mod_rewrite.c>
                RewriteEngine On
                RewriteCond %{HTTP_HOST} ^loftyliterature\.ca$ [NC,OR]
                RewriteCond %{HTTP_HOST} ^www\.loftyliterature\.ca$ [NC]
                RewriteRule ^(.*)$ http://loftyliterature.com$1 [L,R=301]
                RewriteCond %{HTTP_HOST} ^paulahiscox\.ca$ [NC,OR]
                RewriteCond %{HTTP_HOST} ^www\.paulahiscox\.ca$ [NC]
                RewriteRule ^(.*)$ http://loftyliterature.com$1 [L,R=301]
                RewriteCond %{HTTP_HOST} ^paulahiscox\.com$ [NC,OR]
                RewriteCond %{HTTP_HOST} ^www\.paulahiscox\.com$ [NC]
                RewriteRule ^(.*)$ http://loftyliterature.com$1 [L,R=301]
                RewriteCond %{HTTP_HOST} ^rudydornhoffer\.ca$ [NC,OR]
                RewriteCond %{HTTP_HOST} ^www\.rudydornhoffer\.ca$ [NC]
                RewriteRule ^(.*)$ http://loftyliterature.com$1 [L,R=301]
                RewriteCond %{HTTP_HOST} ^rudydornhoffer\.com$ [NC,OR]
                RewriteCond %{HTTP_HOST} ^www\.rudydornhoffer\.com$ [NC]
                RewriteRule ^(.*)$ http://loftyliterature.com$1 [L,R=301]
        </IfModule>

        <Directory /var/www/vhosts/loftyliterature.com>
                AllowOverride AuthConfig FileInfo Indexes Limit Options=Indexes,SymLinksIfOwnerMatch,MultiViews,FollowSymLinks,ExecCGI,Includes,IncludesNOEXEC
        </Directory>

        #extension letsencrypt begin
        Alias /.well-known/acme-challenge "/var/www/vhosts/default/htdocs/.well-known/acme-challenge"

        <Location /.well-known/acme-challenge/>
                # Require all granted
                Order Deny,Allow
                Allow from all
                Satisfy any
        </Location>

        <LocationMatch "^/.well-known/acme-challenge/(.*/|)\.">
                # Require all denied
                Order Allow,Deny
                Deny from all
        </LocationMatch>
        #extension letsencrypt end

        #extension wp-toolkit begin
        # "Block access to wp-config.php"
        # To remove this rule, revert this security measure on each WordPress installation on this domain
        <Files wp-config.php>
                Require all denied
        </Files>

        # "Block directory browsing"
        # To remove this rule, revert this security measure on each WordPress installation on this domain
        <Directory "/var/www/vhosts/loftyliterature.com/httpdocs">
                Options -Indexes
        </Directory>

        # "Block access to sensitive files"
        # To remove this rule, revert this security measure on each WordPress installation on this domain
        <LocationMatch "(?i:(?:wp-config\\.bak|\\.wp-config\\.php\\.swp|(?:readme|license|changelog|-config|-sample)\\.(?:php|md|txt|htm|html)))">
                Require all denied
        </LocationMatch>

        # "Disable PHP execution in cache directories"
        # To remove this rule, revert this security measure on each WordPress installation on this domain
        <LocationMatch "(?i:.*/cache/.*\\.ph(?:p[345]?|t|tml))">
                Require all denied
        </LocationMatch>

        #extension wp-toolkit end

        #extension sslit begin

        #extension sslit end

        #extension sectigo begin
        AliasMatch "^/.well-known/pki-validation/(?!fileauth.txt)$" "/var/www/vhosts/default/htdocs/.well-known/pki-validation/$1"

        <Location /.well-known/pki-validation/>
                # Require all granted
                Order Deny,Allow
                Allow from all
                Satisfy any
        </Location>

        <LocationMatch "^/.well-known/pki-validation/(.*/|)\.">
                # Require all denied
                Order Allow,Deny
                Deny from all
        </LocationMatch>
        #extension sectigo end
29

Screenshot 2023-05-30 at 2.08.04 PM
Screenshot 2023-05-30 at 2.08.04 PM1786×1184 195 KB

Screenshot 2023-05-30 at 2.08.14 PM
Screenshot 2023-05-30 at 2.08.14 PM1766×750 35.8 KB

30

Note that your prior cert included a wildcard for that domain. Wildcards require a much different technique for Let's Encrypt to issue a cert (needs a DNS Challenge rather than HTTP Challenge). I don't know why this would affect your situation but this is different than what you did before.

See my post #4 for your prior cert details

3 Likes
31

I am trying to recreate the same wildcard cert, I have done the DNS Challenge before, and figured it would install and give me a new DNS txt record to validate against. Then once DNS record is added, I just reload and it verifies and installs.

32

But, you did not select the 'wildcard' option on your previous screen in post #29

3 Likes
33

Sorry, I was just showing what the page options available. I am checking off all 5 of the checkboxes when I try the install.

1 Like
34

WordPress might interfere with the http-01 challenge.

@jherron Does Plesk offer more detailed logs? If not, this might be something we cannot help you with further unfortunately. Or at least it would be very hard with much guesswork.

4 Likes
35

You only showed vhosts for ports 7080 and 7081.
Is there one for port 443?

3 Likes
36

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.