Symptoms
Apache error log
on a Plesk server contains the following warnings:
/var/log/httpd/error_log
[ssl:warn] [pid 988] AH01909: RSA server certificate CommonName (CN) `plesk' does NOT match server name!?
or:
[ssl:warn] [pid 988] AH01909: RSA certificate configured for webmail.example.com:443 does NOT include an ID which matches the server name
or:
[ssl:warn] [pid 4329] AH01909: example.com:443:0 server certificate does NOT include an ID which matches the server name.
Cause
This warning means that CN parameter of the certificate installed on one of domains does not match value of
directive specified in the corresponding
ServerName
configuration. Additional information about SNI (Server Name Indication) could be found here. For example, default SSL certificate generated by Plesk does not contain default virtual host name in CN.
VirtualHost
Resolution
This warning can be safely ignored. However, it is possible to disable warnings specifically for SSL. To do that:
- Connect to the server via SSH,
- Edit
LogLevel
directive in the file Apache global config to look like the following:-
For deb-based OSes:
# grep LogLevel /etc/apache2/apache2.conf
LogLevel warn ssl:error -
For rpm-based OSes:
# grep LogLevel /etc/httpd/conf/httpd.conf
LogLevel warn ssl:error
-
- Restart Apache:
-
For deb-based OSes:
# systemctl restart apache2
-
For rpm-based OSes:
# systemctl restart httpd
-
Alternatively, install SSL It! extension and obtain a Let's Encrypt certificate: go to Domains > example.com > SSL/TLS Certificates > Install check the option Secure webmail on this domain > click Get it free.