Applicable to:
- Plesk for Linux
Symptoms
Apache error log
/var/log/httpd/error_log
on a Plesk server contains the following warnings:
CONFIG_TEXT: [ssl:warn] [pid 988] AH01909: RSA server certificate CommonName (CN) `plesk' does NOT match server name!?
or:
CONFIG_TEXT: [ssl:warn] [pid 988] AH01909: RSA certificate configured for webmail.example.com:443 does NOT include an ID which matches the server name
or:
CONFIG_TEXT: [ssl:warn] [pid 4329] AH01909: example.com:443:0 server certificate does NOT include an ID which matches the server name.
Cause
This warning means that CN parameter of the certificate installed on one of domains does not match value of
ServerName
directive specified in the corresponding
VirtualHost
configuration. Additional information about SNI (Server Name Indication) could be found here. For example, default SSL certificate generated by Plesk does not contain default virtual host name in CN.
Resolution
This warning can be safely ignored. However, it is possible to disable warnings specifically for SSL. To do that:
- Connect to the server via SSH,
- Edit
LogLevel
directive in the file Apache global config to look like the following:-
For deb-based OSes:
# grep LogLevel /etc/apache2/apache2.conf
LogLevel warn ssl:error -
For rpm-based OSes:
# grep LogLevel /etc/httpd/conf/httpd.conf
LogLevel warn ssl:error
-
- Restart Apache:
-
For deb-based OSes:
# systemctl restart apache2
-
For rpm-based OSes:
# systemctl restart httpd
-
Alternatively, install SSL It! extension and obtain a Let's Encrypt certificate: go to Domains > example.com > SSL/TLS Certificates > Install check the option Secure webmail on this domain > click Get it free.
Comments
8 comments
Hello, i got the error and let's encryppt module but i cannot enable the option Secure webmail on this domain because the email is disabled for the subdomain
Hello Betafer
The option in question is available only if webmail is enabled due to business logic.
Do you have webmail.example.com used just as a subdomain?
What error does Let's Encrypt show to you?
Hello Ivan, subdomain is not SSL Enabled
and the error is the same of the topic
Hello @Betafer
In order to address your question more detailed investigation is needed. Can you please create a request to our support team? You can find instructions on how to create a request in the following article:
https://support.plesk.com/hc/en-us/articles/213608509
Hello,
you need to disable this warning with todays update to Version 18.0.31 Update Nr. 3!
Otherwise Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips will fail to start
Hello,
This warning does not affect Apache functionality and it is unlikely it caused failure on restart.
To be sure I tried to reproduce this behavior in environment similar to yours and it worked smoothly. If you believe it is still the case, submit request to support and we will look into it deeper:
https://support.plesk.com/hc/en-us/articles/213608509-How-to-submit-a-request-to-Plesk-support-
I also have these "normal" messages [default-123.123.123.123:443:0 server certificate does NOT include an ID which matches the server name], not with domains, but with all IPv4 and all IPv6. Do you have a workaround/fix. Otherwise I don't care about them...Greets
Hello,
Markus , just ignore this warning. It means that there is no valid certificate for "default-123.123.123.123" site.
Please sign in to leave a comment.