When opening SSL certificate properties in Plesk, one of the alike error messages arises:
Unable to get certificate info: openssl_x509_parse() failed: error:0906D064:PEM routines:PEM_read_bio:bad base64 decode
Unable to get certificate info: openssl_x509_parse() failed: error:0D07209B:asn1 encoding routines:ASN1_get_object:too longerror:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object headererror:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 errorerror:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib
Certificate entry is incorrectly inserted into Plesk database.
Find the certificate file for a corresponding certificate, and check whether it could be validated with
'openssl'(certificate ID could be fetched from the URL which is being opened when accessing the certificate properties, as on screen shot):
mysql> select csr,cert_file,ca_cert,ca_file from certificates where id=1;
| csr | cert_file | ca_cert | ca_file |
| | certjl8Aqyv | | |
1 row in set (0.00 sec)
Check the corresponding SSL file with
openssl x509 -in /usr/local/psa/var/certificates/certjl8Aqyv -text -noout
In case CRS part is present in the above query, also check whether SSL md5 hashes are matching
openssl x509 -noout -modulus -in /usr/local/psa/var/certificates/certjl8Aqyv | openssl md5
openssl req -noout -modulus -in /usr/local/psa/var/certificates/CSR.csr | openssl md5
openssldisplays the same error, then certificate file itself is corrupt as well. In this case contact your provider to get the valid SSL certificate file. Otherwise, proceed with further steps.
opensslvalidates the certificate files fine, then the issue only concerns Plesk database. In this case just add a new certificate to Panel, based on the data that is contained in certificate files, assign it to all the domains that were using the broken one, and in Plesk GUI delete the certificate which was causing the issue.