Articles in this section

Error displayed in Plesk Home page: nginx: [emerg] cannot load certificate key "/usr/local/psa/var/certificates/scfNvuszu"

Sergey Senko
Updated
kb: bug Plesk for Linux ABT: Group A

Applicable to:

  • Plesk for Linux

Symptoms

  • The following error appears in Plesk Home page:

    New configuration files for the Apache web server were not created due to the errors in configuration templates: nginx: [emerg] cannot load certificate key "/usr/local/psa/var/certificates/scfNvuszu": PEM_read_bio_PrivateKey() failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: ANY PRIVATE KEY) nginx: configuration file /etc/nginx/nginx.conf test failed . Detailed error descriptions were sent to you by email. Please resolve the issues and click here to generate broken configuration files once again or here to generate all configuration files. See the details in Configuration Troubleshooter

  • Nginx is disabled in the server at Plesk level:

    # plesk sbin nginxmng --status
    Disabled

  • Nginx service remains enabled at system level:

    # systemctl status nginx
    ● nginx.service - Startup script for nginx service
    Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
    Drop-In: /usr/lib/systemd/system/nginx.service.d
    └─limit_nofile.conf, worker_files_limit.conf
    Active: failed (Result: exit-code) since Mon 2019-09-09 17:37:43 WEST; 3 days ago

Cause

Misconfiguration on the Webserver Configuration files

  • The certificate from the error is being loaded by an orphan Nginx configuration file:

    # egrep -Rl scfNvuszu /etc/nginx/ 2> /dev/null
    /etc/nginx/plesk.conf.d/webmails/example.com_webmail.conf

  • The orphan Nginx configuration file is from a domain which doesn't exist in Plesk:

    # plesk db "select * from domains where name ='example.com'"
    (Empty Output)

If any customer faces the same issues we should perform following steps: • Ask customer to upgrade to the latest Plesk version (fixes were performed in Plesk 18.0.53) • If problem still occurs - enable debug log and ask customer to come back as soon, as problem repeated. This kind of problems can not be investigated without Plesk debug logs. Better to copy logs with problem timeframe to separate location, to avoid logs rotation. Investigation can get a lot of time. • Create a 3rd-line ticket for logs analysis from the Core team side.

Resolution

  1. Connect to the server via SSH

  2. Get the path where the orphaned record exists with the following command:

    # egrep -Rl scfNvuszu /etc/nginx/ 2> /dev/null
    /etc/nginx/plesk.conf.d/webmails/example.com_webmail.conf

  3. Remove the orphan Nginx configuration file:

    # mv /etc/nginx/plesk.conf.d/webmails/example.com_webmail.conf /root/

  4. Log into Plesk

  5. Go to Extensions > My Extensions > Webserver Configurations Troubleshooter > Select All the Broken configuration files > Click on Remove > Click on Rebuild - All

  6. Connect to the server via SSH again and disable Nginx service:

    # plesk sbin nginxmng --disable

    Verify Nginx service was disabled successfully:

    # systemctl status nginx
    nginx.service - Startup script for nginx service
    Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)

Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.