Articles in this section

See more

Errors appear on a Plesk server in Apache log: RSA server certificate does NOT match server name

Avatar
Pavel Rozental
Updated
Follow
Plesk for Linux kb: technical ext: le ABT: Group A

Applicable to:

  • Plesk for Linux
  • Web Presence Builder for Linux

Symptoms

Apache error log /var/log/httpd/error_log on a Plesk server contains the following warnings:

CONFIG_TEXT: [ssl:warn] [pid 988] AH01909: RSA server certificate CommonName (CN) `plesk' does NOT match server name!?

or:

CONFIG_TEXT: [ssl:warn] [pid 988] AH01909: RSA certificate configured for webmail.example.com:443 does NOT include an ID which matches the server name

or:

CONFIG_TEXT: [ssl:warn] [pid 4329] AH01909: example.com:443:0 server certificate does NOT include an ID which matches the server name.

Cause

This warning means that CN parameter of the certificate installed on one of domains does not match value of ServerName directive specified in the corresponding VirtualHost configuration. Additional information about SNI (Server Name Indication) could be found here. For example, default SSL certificate generated by Plesk does not contain default virtual host name in CN.

Resolution

This warning can be safely ignored. However, it is possible to disable warnings specifically for SSL. To do that:

  1. Connect to the server via SSH,
  2. Edit LogLevel directive in the file Apache global config to look like the following:

    • For deb-based OSes:

      # grep LogLevel /etc/apache2/apache2.conf
      LogLevel warn ssl:error

    • For rpm-based OSes:

      # grep LogLevel /etc/httpd/conf/httpd.conf
      LogLevel warn ssl:error

  3. Restart Apache:

    • For deb-based OSes:

      # systemctl restart apache2

    • For rpm-based OSes:

      # systemctl restart httpd

Alternatively, install Let's Encrypt extension and obtain a certificate: go to Domains > example.com > Let's Encrypt > check the option Secure webmail on this domain > click Renew

Comments

6 comments

Sort by Date Votes
  • Avatar
    Betafer

    Hello, i got the error and let's encryppt module but i cannot enable the option Secure webmail on this domain because the email is disabled for the subdomain 

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello Betafer

    The option in question is available only if webmail is enabled due to business logic.

    Do you have webmail.example.com used just as a subdomain?

    What error does Let's Encrypt show to you?

     

    0
    Comment actions Permalink
  • Avatar
    Betafer (Edited )

    Hello Ivan, subdomain is not SSL Enabled 

    and the error is the same of the topic

    0
    Comment actions Permalink
  • Avatar
    George Alibegashvili

    Hello @Betafer

    In order to address your question more detailed investigation is needed. Can you please create a request to our support team? You can find instructions on how to create a request in the following article:
    https://support.plesk.com/hc/en-us/articles/213608509

    0
    Comment actions Permalink
  • Avatar
    Ralf Störmer

    Hello,

     

    you need to disable this warning with todays update to Version 18.0.31 Update Nr. 3!

    Otherwise Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips will fail to start

    0
    Comment actions Permalink
  • Avatar
    Ekaterina Babenko

    Hello,

    This warning does not affect Apache functionality and it is unlikely it caused failure on restart.
    To be sure I tried to reproduce this behavior in environment similar to yours and it worked smoothly. If you believe it is still the case, submit request to support and we will look into it deeper:
    https://support.plesk.com/hc/en-us/articles/213608509-How-to-submit-a-request-to-Plesk-support- 

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles