Trying to add certificate takes all domains on server down


#1
CentOS 6.6‬
Apache 2.2.15
Plesk Onyx 17.0.17
OpenSSL 1.0.1e-fips
certbot-auto 0.13.0

I’m having trouble adding certificates to my domain.

Basically, I have one primary domain (let’s call it exampleA.com) with its own wildcard certificate (not a Let’s Encrypt cert – several subdomains fall under this domain). I also have a few other domains on the same server, set up in separate directories under the same webspace in Plesk.

I was able to sucessfully generate a cert for one of them (exampleB.com), but any time I try to add it to the vhost’s conf file to use, it takes down all the sites on my server.

Added to /var/www/vhosts/system/exampleB.com/conf/vhost_ssl.conf:

SSLCertificateFile /etc/letsencrypt/live/exampleB.com/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/exampleB.com/chain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/exampleB.com/privkey.pem

In /var/www/vhosts/system/exampleB.com/conf/httpd.conf, within <VirtualHost ip.address:443 > before and before vhost_ssl.conf gets included, this appears:

SSLEngine on
SSLVerifyClient none
SSLCertificateFile /usr/local/psa/var/certificates/cert-75qf7l
SSLCACertificateFile /usr/local/psa/var/certificates/cert-cmY2El

I cannot edit httpd.conf directly, because it generated automatically. I had assumed my edits in vhost_ssl.conf would override these settings, and would only affect exampleB.com – but anytime I save my changes, all domains on my server go offline.

First time trying to set this up, and I’m far from an expert in server admin. Am I going about this wrong?


#2

Did /var/www/vhosts/system/exampleB.com/conf/vhost_ssl.conf already exist or did you generate it yourself? What is the full contents?


#3

When you say that the domains on your server go offline: Do you get a connection refused, or a security error, or a 404 or 500?


#4

Already existed. I believe it’s generated by Plesk. It’s originally empty. There are two fields in Plesk under Apache & nginx Settings for additional directives for HTTPS that write to this file.


#5

Connection refused, if I remember right. I can try again tomorrow morning to double-check what the error is.


#6

It sounds like Apache isn’t coming back up after your config changes. Are the certificates definitely present on the server? Do you have access to the Apache error logs? If you can post those, it would be helpful. Also, if you can post the real name of your server, that would be extra helpful.


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.