- Plesk Onyx for Linux
Note: This article has the reference to the issue with the fix available:
- #PPPM-5964 "Fixed the issue where, after upgrading a Plesk 12.0 server with PCI compliance enabled to Plesk Onyx, the sw-cp-server process could not start due to duplicated “ssl_cipher” records in /etc/sw-cp-server/conf.d/pci-compliance.conf and /etc/sw-cp-server/conf.d/ssl.conf."
- Plesk Onyx 17.5.3 Update 38 22 January 2018 (Linux)
After the upgrade from Plesk 12.0, Plesk is inaccessible with the error ERR_CONNECTION_REFUSED in the browser.
sw-cp-serviceis down and can not be started manually:
# service sw-cp-server status
sw-cp-serverd is stopped
# service sw-cp-server start
Starting sw-cp-serverd: nginx: [emerg] "ssl_ciphers" directive is duplicate in /etc/sw-cp-server/conf.d/ssl.conf:1
# service sw-cp-server restart
nginx: [emerg] "ssl_ciphers" directive is duplicate in /etc/sw-cp-server/conf.d/ssl.conf:1 ssl_ciphers directive is also defined in `/etc/sw-cp-server/conf.d/pci-compliance.conf`
- Errors in
CONFIG_TEXT: [emerg] 30681#0: "ssl_ciphers" directive is duplicate in /etc/sw-cp-server/conf.d/ssl.conf:1
[emerg] 32119#0: "ssl_ciphers" directive is duplicate in /etc/sw-cp-server/conf.d/pci-compliance.conf:1
Compliance with PCI DSS cannot be applied:
# plesk sbin pci_compliance_resolver --enable
[2017-07-25 21:40:48] ERR [util_exec] proc_close() failed ['/usr/local/psa/admin/bin/sslmng' '--protocols' 'TLSv1.1 TLSv1.2' '--ciphers' 'EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EDH+AESGCM+AES128:EDH+AESGCM+AES256:EECDH+SHA256+AES128:EECDH+SHA384+AES256:EDH+SHA256+AES128:EDH+SHA256+AES256:EECDH+SHA1+AES128:EECDH+SHA1+AES256:EDH+SHA1+AES128:EDH+SHA1+AES256:EECDH+HIGH:EDH+HIGH:AESGCM+AES128:AESGCM+AES256:SHA256+AES128:SHA256+AES256:SHA1+AES128:SHA1+AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!KRB5:!aECDH:!EDH+3DES'] with exit code 
sslmng failed: ERROR:failed to configure sw-cp-server service: Command '['/usr/local/psa/admin/sbin/pleskrc', 'sw-cp-server', 'reload']' returned non-zero exit status 6
WARNING:Ignoring unsuppored protocol
INFO: [Tue Jul 25 20:40:50 MST 2017]: Serice: sw-cp-server, Action: reload
Trying to reload service sw-cp-server... sw-cp-serverd (pid 15390) is running...
Some problems are found during reload service sw-cp-server(see log file: /var/log/plesk/rc_actions.log)
ERROR:failed to configure sw-cp-server service: Command '['/usr/local/psa/admin/sbin/pleskrc', 'sw-cp-server', 'reload']' returned non-zero exit status 6
already modified... already modified... already modified... already modified... already modified... already modified... already modified... already modified... service dovecot is not installed, skip modifying.
exit status 1
Duplicated directives in
This is Plesk bug with ID PPPM-5964 which is planned to be fixed in future product updates.
As a workaround:
Connect to the server using SSH .
# mv /etc/sw-cp-server/conf.d/pci-compliance.conf /root/
- Apply security changes for
# plesk sbin pci_compliance_resolver --enable panel
# systemctl start sw-cp-server