SSL certificates are not assigned to domains and IPs after transfer

Refers to:

  • Plesk 11.0 for Linux
  • Plesk 11.5 for Linux

Created:

2016-11-16 13:07:11 UTC

Modified:

2016-12-21 19:59:41 UTC

0

Was this article helpful?


Have more questions?

Submit a request

SSL certificates are not assigned to domains and IPs after transfer

Symptoms

When performing a transfer to Parallels Plesk (PP) 10.4 from an earlier version, an error occurs:

<message code="ExecCmd::ExFailed" id="4e6591dd-cae2-4573-8619-1d30133b0eb8" severity="error">
<description>Execution of /usr/local/psa/admin/plib/api-cli/ipmanage.php -u 1.1.1.1 -ssl_certificate_ref c533c6ea91294c09adbebc0fd6954ab2 -ignore-nonexistent-options failed with return code 1.
Stderr is
Certificate does not exist.
</description>

As a result, certificates are transferred, but they are not assigned to any domain or IP.

Cause

The transferred certificates are not compatible with PP 10.4.4 because they are exported to the PP database in different format on different PP versions. This is caused by differences in PHP\\OpenSSL packages.

Resolution

The issue will be fixed in a future update for which a new Knowledge Base article will be created. You may subscribe to receive notifications regarding the creation of new articles about Parallels Plesk products.

Workaround

The workaround is to assign the certificates manually. To do this, log in to the source and destination servers via SSH, and run the below commands.

On destination:

Get the latest migration (transfer) session ID:

export session=`ls /usr/local/psa/PMM/msessions/|tail -1`

Get the domains that were transferred:

cat /usr/local/psa/PMM/msessions/$session/selected_objects| awk -F'[<>]' '/<name>/{u[$3]=1}END{for(i in u)print i}' > /root/domains.txt

Determine which domains had certificates assigned to them:

# cat /root/domains.txt| while read a; do  MYSQL_PWD=`cat /etc/psa/.psa.shadow`  mysql -uadmin  psa -Ne"select d.name,d.cert_rep_id from domains d where d.name='$a'";done|while read dom rep_param;do if [ $rep_param != 0 ]; then echo $dom >> /root/domains_with_cert.txt; else echo $dom >> /root/domains_without_cert.txt;fi;done

Copy the gathered information to the source server:

# scp /root/domains_* root@<source_server_ip>:/root

Note: Replace <source_server_ip> with the actual IP address of the source server.

On source:

Find out which certificates were assigned to which domains:

# cat /root/domains_with_cert.txt| while read a; do  MYSQL_PWD=`cat /etc/psa/.psa.shadow`  mysql -uadmin psa -Ne"select d.name,c.name from hosting h join domains d on h.dom_id=d.id join Repository r on r.rep_id=d.cert_rep_id join certificates c on r.component_id=c.id where h.ssl='true' and d.name='$a'";done >> /root/domains_certificates.txt

Note: If you get a "No such file or directory" error here, it means that no certificates were assigned to domains.

Find out which certificates were assigned to which IP addresses:

# cat /root/domains_without_cert.txt|while read b;do  MYSQL_PWD=`cat /etc/psa/.psa.shadow`  mysql -uadmin psa -Ne"select d.name,c.name from domains d join hosting h on h.dom_id=d.id join IP_Addresses ip on h.ip_address_id=ip.id join certificates c on ip.ssl_certificate_id=c.id and d.name='$b'";done >> /root/ip_certificates.txt

Note: If you get a "No such file or directory" error here, it means that no certificates were assigned to IP addresses.

Copy the gathered information to the destination server:

# scp /root/domains_certificates.txt root@<destination_server_ip>:/root
# scp /root/ip_certificates.txt root@<destination_server_ip>:/root

Note: Replace with the actual IP address of the destination server.

Again on destination:

Assign the needed certificates to the needed domains and IP addresses:

# cat /root/domains_certificates.txt | while read dom cert; do /usr/local/psa/bin/domain -u $dom -ssl true -certificate-name "$cert";done

# cat ip_certificates.txt | while read dom cert; do MYSQL_PWD=`cat /etc/psa/.psa.shadow` mysql -uadmin `psa -Ne" select displayHost from dns_recs where type='PTR' and dns_zone_id=(select dns_zone_id from domains where name='$dom')" > ip;echo `cat ip` $cert >> /root/ip_certificates_correct.txt;done

# cat /root/ip_certificates_correct.txt|while read ip cert;do /usr/local/psa/bin/ipmanage -u $ip -ssl_certificate "$cert"; done

Note: If you get a "No such file or directory" error here, it means that no certificates were assigned to IP addresses on the source server.

Have more questions? Submit a request
Please sign in to leave a comment.