Articles in this section

Unable to access SSL/TLS Certificates domain's option in Plesk: Could not get Mozilla TLS config

Vincent Lauton
Updated
Plesk for Linux kb: technical

Applicable to:

  • Plesk for Linux

Symptoms

  • nginx fails to start with the following error:

    CONFIG_TEXT: [warn] 91333#0: "ssl_stapling" ignored, host not found in OCSP responder "r3.o.lencr.org" in the certificate "/opt/psa/var/certificates/sqfABw7p2"

  • Accessing Domains > example.com > SSL/TLS Certificates in Plesk displays the following error:

    PLESK_ERROR: Could not get Mozilla TLS config: cURL error 6 could not resolve host: statics.tls.security.mozilla.org; Unknown error (see https://curl.haxx.se/libcurl/c/libcurl-errors.html).

If ignoring the error message and try issuing a certificate, the following error is provided:

PLESK_ERROR: Detail: Order's status ("pending") is not acceptable for finalization

Cause

Name resolution issue.

Resolution

  1. Connect to the server via SSH.

  2. Add Google nameserver to /etc/resolv.conf file:

    # echo "nameserver 8.8.8.8" >> /etc/resolv.conf

  3. If the issue persists re-enable local firewall rules and restart Plesk services:

    # systemctl restart sw-engine && systemctl restart sw-cp-server

    Note: If the server is running with systemd-resolved or NetworkManager adjust the networking configuration manually or contact the hosting provider for assistance.

Was this article helpful?

Comments

3 comments
Date Votes
  • Avatar
    Unknown User

    incomplete information

    0
  • Avatar
    Francisco Parejo

    In my Centos 7.9 it works perfectly!

    Thank you so much!!!

    0
  • Avatar
    Lenusch

    Hi, 

    just want to mention that just restarting helped. But i will not change my own resolver Server in resolv.conf as i need that, to ping the Mail Blacklists without any open Nameservers. In Conclusion it would be good to have other Solutions (often) instead just set Google or Cloudflare Servers. 

    0

Please sign in to leave a comment.