Errors appear on a Plesk server in Apache log: RSA server certificate does NOT match server name

Symptoms

Apache error log /var/log/httpd/error_log on a Plesk server contains the following warnings:

CONFIG_TEXT: [ssl:warn] [pid 988] AH01909: RSA server certificate CommonName (CN) `plesk' does NOT match server name!?

or:

CONFIG_TEXT: [ssl:warn] [pid 988] AH01909: RSA certificate configured for webmail.example.com:443 does NOT include an ID which matches the server name

or:

CONFIG_TEXT: [ssl:warn] [pid 4329] AH01909: example.com:443:0 server certificate does NOT include an ID which matches the server name.

Cause

This warning means that CN parameter of the certificate installed on one of domains does not match value of ServerName directive specified in the corresponding VirtualHost configuration. Additional information about SNI (Server Name Indication) could be found here. For example, default SSL certificate generated by Plesk does not contain default virtual host name in CN.

Resolution

This warning can be safely ignored. However, it is possible to disable warnings specifically for SSL. To do that:

1. Connect to the server via SSH,
2. Edit LogLevel directive in the file Apache global config to look like the following:

   • For deb-based OSes:

     # grep LogLevel /etc/apache2/apache2.conf
     LogLevel warn ssl:error

   • For rpm-based OSes:

     # grep LogLevel /etc/httpd/conf/httpd.conf
     LogLevel warn ssl:error

3. Restart Apache:

   • For deb-based OSes:

     # systemctl restart apache2

   • For rpm-based OSes:

     # systemctl restart httpd

Alternatively, install Let's Encrypt extension and obtain a certificate: go to Domains > example.com > Let's Encrypt > check the option Secure webmail on this domain > click Renew