• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2263
  • Last Modified:

Plesk, Expired, SSL Certificates

Hello Experts,

I have a few questions regarding managing ssl certificates on my server. I've been receiving two seperate daily emails stating:

 ################# SSL Certificate Warning ################

  Certificate for hostname 'plesk.com', in file:
     /usr/local/psa/var/certificates/cert-pdTd7B

  The certificate needs to be renewed; this can be done
  using the 'genkey' program.

  Browsers will not be able to correctly connect to this
  web site using SSL until the certificate is renewed.

 ##########################################################
                                  Generated by certwatch(1)



 ################# SSL Certificate Warning ################

  Certificate for hostname 'plesk', in file:
     /etc/httpd/conf/httpd.pem

  The certificate needs to be renewed; this can be done
  using the 'genkey' program.

  Browsers will not be able to correctly connect to this
  web site using SSL until the certificate is renewed.

 ##########################################################
                                  Generated by certwatch(1)

How can I renew these certificates?  

Also, why do domains require a default certificate to be associated with them? I have over 100 sites on the server, but only 3 require SSL.  

Thanks!
0
pmagony
Asked:
pmagony
  • 3
  • 2
1 Solution
 
Radek BaranowskiFull-stack Java DeveloperCommented:
if your certificates were signed by a widely recognized CA (Verisign, etc.) than you need to generate new certificate based on private key you probably already have, make certificate signing request (CSR) and send it to CA, and receive signed personal certificate that way.

if you use selfsigned certificates, you need to find how you can make selfsigned cert with genkey on a site such as http://linux.die.net/man/1/genkey

what do you mean by:
Also, why do domains require a default certificate to be associated with them? I have over 100 sites on the server, but only 3 require SSL.  
?
0
 
pmagonyAuthor Commented:
what do you mean by:
Also, why do domains require a default certificate to be associated with them? I have over 100 sites on the server, but only 3 require SSL.  
?

When you set up a website in Plesk, it is assigned the default cert.  If that default cert expires, then you have to create a new self signed cert, and then manually assign it.  Problem is, I have over 100 sites on the server, I don't want to manually go into each sites settings and assign the newly created self signed cert, every year.  It's a real PITA if you know what I mean.  I want to be able to renew the cert, and automatically have all the websites associated to that default cert be valid.  This leads me to think and ask, is it possible to resign, a self-signed certificate?

Regarding your answer, there are only 3 domains which are using SSL certificates.  The others, are on the default.  But those three I'm not concerned for.  The ones I'm inquiring about are:

Certificate for hostname 'plesk.com', in file:
     /usr/local/psa/var/certificates/cert-pdTd7B

  Certificate for hostname 'plesk', in file:
     /etc/httpd/conf/httpd.pem

As stated originally.
0
 
pmagonyAuthor Commented:
0
 
Radek BaranowskiFull-stack Java DeveloperCommented:
is your domain name plesk.com ? if yes, then you'd need to follow procedure described in the blog you linked. I guess you are speaking of this cert: http://kb.parallels.com/en/1736, so you'd need recreate your selfsigned cert and upload it as described in the above link.

afaik, there's no way to automatically "re-sign" your self signed certificates. i didn't find such option for plesk in the net.  but to reduce your effort for your 100 domains, I'd choose either of two ways:
- set expiry date on your self signed certs to, say, 10 years ? then you will setup your 100 servers once and forget them :)
- use Plesk RPC API to create some small custom application to refresh your 100 self signed certs in a batch, without manually mulling through panel. read more here: http://download1.parallels.com/Plesk/PP10/10.1.1/Doc/en-US/online/plesk-api-rpc-guide/index.htm it might require some effort, but would save you some time in the long run
0
 
pmagonyAuthor Commented:
I found it on my own.
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now