Symptoms
-
A new certificate for the domain was installed via Plesk
-
The new certificate is chosen in the Plesk > Domains > example.com > Hosting Settings > Certificate field
-
An old certificate is still shown for the website in a browser
- Plesk self-signed certificate is displayed instead of the one signed by a public CA:
example.com uses an invalid security certificate.
The certificate is not trusted because it is self-signed.
The certificate is only valid for Parallels Panel The certificate expired on
Error code: SEC_ERROR_UNKNOWN_ISSUER
The certificate file is valid, it is not default or self-signed:
# openssl x509 -noout -in /usr/local/psa/var/certificates/cert-XXXXXX -issuer
issuer= /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
Note: This behavior happens with any kind of certificate installed within Plesk. For example, Custom / Purchased certificate or Let’s Encrypt SSL certificate.
Cause
After applying the certificate the webserver is not restarted automatically.
Resolution
To fix it the following can be done:
Click on a section to expand
Through Plesk UI
-
Log into Plesk
-
Go to Plesk > Domains > example.com > Hosting settings
-
Disable the SSL/TLS Support option and click the Apply button
-
Enable the SSL/TLS Support option back and the OK button
Through the command line
-
Connect to the server via SSH
-
Run the following command to reinstall certificates for the domain:
# plesk repair web -sslcerts example.com
Note: If the above steps did not resolve the issue, restart the web servers:
Through Plesk UI
-
Log in to Plesk
-
Go Tools & Settings > Services Management
-
Restart Web Server (Apache) and Reverse Proxy Server (nginx) services:
Through the command line
-
Connect to the server via SSH
-
Run the following commands:
# systemctl restart nginx
For CentOS/RHEL-based distributions:
# systemctl restart httpd
For Debian/Ubuntu-based distributions:
# systemctl restart apache2
Connect to the server via SSH
Run the following commands:
# systemctl restart nginx
For CentOS/RHEL-based distributions:
# systemctl restart httpd
For Debian/Ubuntu-based distributions:
# systemctl restart apache2