- Plesk Onyx for Linux
Plesk configured to run websites on Apache in back-end mode with Nginx in proxy mode;
Nginx service is unable to start or restart. The next error appears in console or in
/var/log/messages(for RedHat, CentOS, CloudLinux) or in
/var/log/syslog(for Ubuntu, Debian):
CONFIG_TEXT: nginx: [emerg] BIO_new_file("/usr/local/psa/var/certificates/certXXXXXXX") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/usr/local/psa/var/certificates/certXXXXXXX','r') error:2006D080:BIO routines:BIO_new_file:no such file)
Similar error is shown in Plesk GUI:
PLESK_ERROR: New configuration files for the Apache web server were not created due to the errors in configuration templates: nginx: [emerg] BIO_new_file("/usr/local/psa/var/certificates/certXXXXXXX") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/usr/local/psa/var/certificates/certXXXXXXX','r') error:2006D080:BIO routines:BIO_new_file:no such file) nginx: configuration file /etc/nginx/nginx.conf test failed.
PLESK_ERROR: New configuration files for the Apache web server were not created due to the errors in configuration templates: nginx: [emerg] PEM_read_bio_X509_AUX("/usr/local/psa/var/certificates/XXXXXXX") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE) nginx: configuration file /etc/nginx/nginx.conf test failed.
Certificate file reported in the error is missing from the directory
# ls -la /opt/psa/var/certificates/ | grep certXXXXXXX
Nginx web server is enabled and used as web proxy in combination with Apache. Command line tool
nginxmngshows the following status:
# /usr/local/psa/admin/bin/nginxmng -s
Apache service is up and running, it may be listening ports on 7080/7081 or 80/443:
# netstat -tlpn | grep -E ":7080|:7081|:80|:443" | grep -E "apache|httpd"
tcp 0 0 0.0.0.0:7080 0.0.0.0:* LISTEN 692/apache2
tcp 0 0 0.0.0.0:7081 0.0.0.0:* LISTEN 692/apache2
If apache is listening on ports 7080/7081, example.com is not accessible:
CONFIG_TEXT: Unable to connect
Can't establish a connection to the server at example.com
Domain example.com may not exist in Plesk:
# plesk bin domain -l | grep example.com
SSL certificate changes are not applied to nginx configuration files.
- Log in to Plesk;
- Open Plesk > Extensions > My Extensions > Webserver Configurations Troubleshooter;
- Click on arrow near search bar, filter the configuration files by status "Error" and click Search:
- Select the configuration files for non-existing domain and click Remove.
- Re create web configuration files server-wide by clicking Rebuild button and select All:
Log in to the server via SSH as root user.
Disable nginx service on the server to temporary switch all websites to Apache and remove the impact:
# /usr/local/psa/admin/bin/nginxmng -d
Search for all configuration files loading such config file:
# grep -R certXXXXXXX /etc/nginx/
/etc/nginx/plesk.conf.d/vhosts/example.com.conf: ssl_certificate /usr/local/psa/var/certificates/certXXXXXXX;
/etc/nginx/plesk.conf.d/webmails/webmail.example.com.conf: ssl_certificate /usr/local/psa/var/certificates/certXXXXXXX;
Move all soft links to broken configuration files from the directories
# mv /etc/nginx/plesk.conf.d/vhosts/example.com.conf /
# mv /etc/nginx/plesk.conf.d/webmails/webmail.example.com.conf /
Check if any other misconfigurations remained:
# nginx -t
If there are more orphaned files remained, repeat the 3rd step, but with the new certificate name which appeared in the error.
Once the nginx configuration test is successful, rebuild web server configuration:
# plesk bin repair --reconfigure-ssl-certificates
# /usr/local/psa/admin/bin/httpdmng --reconfigure-server
Warning: To avoid errors on Debian systems, replace "NGINX_ENABLED=no" with NGINX_ENABLED=yes in /etc/default/nginx
# /usr/local/psa/admin/bin/nginxmng -e