Applicable to:
- Plesk for Linux
Symptoms
-
All websites show the error:
PLESK_INFO: 421 Misdirected Request
-
The following error message is logged in domain's log (Plesk > Domains > example.com > Logs):
CONFIG_TEXT: AH02032: Hostname default-203_0_113_2 (default host as no SNI was provided) and hostname www.example.com provided via HTTP have no compatible SSL setup
Cause
In recent Apache version, Apache team has released fixes for CVEs that affected Apache + nginx functionality: new changes do not allow Apache process requests from nginx without the server name (by default, nginx does not pass the server name through SNI when establishing a connection with a proxied HTTPS server).
This issue has been addresses in Plesk Obsidian 18.0.70 and later releases.
Resolution
Update Plesk Obsidian to the latest build.
Note: The hotfixes are compatible with the manual workaround. So, even for servers where manual solution is already applied, no extra steps are required after installing Plesk update.
Manual workaround for previous Plesk versions:
Add proxy_ssl_server_name, proxy_ssl_name and proxy_ssl_session_reuse directives in nginx configuration to make nginx pass the server name to Apache through TLS Server Name Indication (SNI) extension:
- Connect to the Plesk server via SSH.
-
Run the script (without any modifications):
# echo -e "proxy_ssl_server_name on;\nproxy_ssl_name \$host;\nproxy_ssl_session_reuse off;" > /etc/nginx/conf.d/fixssl.conf && systemctl restart nginx
Comments
Plesk Obsidian 18.0.71
Ubuntu 22.04.5 LTS
Fix worked for me.
echo -e "proxy_ssl_server_name on;\nproxy_ssl_name \$host;" > /etc/nginx/conf.d/fixssl.conf && service nginx restart
However, do we now need to leave the new fixssl.conf in place indefinately or will Ubuntu/Plesk push an update to fix what Ubuntu broke?
FYI if anyone else is wondering what the nginx fix is doing:
https://chatgpt.com/share/6878b241-905c-8008-8a5f-bd9e1e7fa05e
I'm new to this - do i run it as is, or do i need to change anything, ie “proxy_ssl_server_name - does this need to be my server name is does it just ”know"?
Matt Costello - this is also my lingering concern. I've applied the hot fix successfully on x3 IONOS VPS setups (all running Plesk and Ubntu 22.04) - BUT although the sites and servers are all back, I'm concerned (as a mid-level tech user… TOPS) - what sideeffects might now be in place, as a consequence of the hot fix :-/
I can also confirm that the fix worked.
Thanks for your support.
All fixed after the fix - thanks
Yeah, the fix worked for me in a way. The command line did not work but cding into the directory and inserting everything by hand worked just fine.
I'm very concerend about what John Mounsey said as well - will there be an update as to when the hotfix can be reverted to avoid potential misbehavior in the future Kuzma Ivanov?
Fixed for me, thanks.
Roney Ngala this happened to me once, I then realised I had missed off the “restart” final word on the fix. Also, on your screengrab it looks like a typo on “restart” too - I hope that helps. If typed correctly it works.. but I remain concerned of side-effects from this hot-fix! :-/
IT Admin - You run the command as is, you do not substitute anything
i can not run the fix
Error “no such file or directory"
any suggestions
Mmhh … the fix is not working entirely. The main-domain is reachable, but the subdomains are not. Any idea?
Fix applied. I have several subscriptions in my Plesk.
A lot of domains fail, if i access the domain log its shows
AH02032: Hostname domain1.com provided via SNI and hostname www.domain.com provided via HTTP are different
AH02032: Hostname domain2.com provided via SNI and hostname www.domain.com provided via HTTP are different
Its mixing domains thats why is not working
I am getting the following error:
● nginx.service - Startup script for nginx service
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Drop-In: /usr/lib/systemd/system/nginx.service.d
└─respawn.conf
Active: activating (auto-restart) (Result: exit-code) since Thu 2025-07-17 09:34:21 BST; 3s ago
Process: 14222 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=1/FAILURE)
Process: 14220 ExecStartPre=/bin/sh -c [ '${NGINX_ENABLED}' = 'yes' ] || { echo Not starting nginx as it is disabled in Plesk. Run \'plesk sbin nginxmng -e\' to enable nginx in Plesk.; exit 1; } (code=exited, status=0/SUCCESS)
I then see:
DB query failed: SQLSTATE[HY000] [2002] Connection refused
Any ideas anyone?
thanks this works for me
echo -e "proxy_ssl_server_name on;\nproxy_ssl_name \$host;" > /etc/nginx/conf.d/fixssl.conf && service nginx restart
Seem also to correlate with additional ip-adresses.. I didn't find any acceptable hot fix solution. removed nginx
This fix is not working for one Ionos Cloud Server. Worked on all others. This one we can have just one of the sites up. Whichever one we access first after applying the fix works, but all the others continue with the error. Reapply the fix and visit a different site and that one works but all the others then have the issue.
Anyone know what this workaroudn is actually doing and why this would occur? Thanks
Fix worked perfectly. Thanks!
Error on both servers running Ubuntu 22.04.5 LTS and Plesk 18.0.70 and Ubuntu 24.04.2 LTS and Plesk 18.0.71. Kuzma Ivanov: I applied your solution and it worked again immediately. Thank you very much.
Solved, thank you very much!
As per Thomas, for now I have stopped the nginix proxy service and now all sites are working. Ask “AI” (anything but) how to do this it will tell you to disable proxy mode, which disables Apache not Niginx. Tell it it's wrong and then it comes up with the right answer. Usual AI rubbish!
Really, how can this happen? Didn't anyone learn lessons from CrowdStrike? Test it!!!
regisit, I think the issue is that Apache is now more strict when it comes to proxies and requires the upstream server (nginx) to specifically state which website is trying to access during the SSL handshake. The Nginx config on Plesk was not configure to pass this onto Apache so Apache throws the toys out the pram.
The fix posted by the OP creates a fixssl.conf file with 2 extra directives “proxy_ssl_server_name” and “proxy_ssl_name” which pass on the hostname of the requested website to Apache. Far as I can see it is the proper fix for this issue. I reckon Plesk may incorporate this into a future update rather than have it sit in fixssl.conf just for tidiness purposes.
This is the dilemma between the need for rapid security updates and the occurrence of very rare but potential complications.
Some informations for “older” distrubutions:
Ubuntu 16.04 LTS: Not affected
Ubuntu 18.04 LTS: affected; Fix does NOT work. It seems like the proxy_ssl_name $host; directive just works globally under this version and it only is set with the first domain/server, you connect to, after restarting the webservices. Only solution was to deinstall nginx and only use apache2.
Ubuntu 20.04 LTS: affected, fix does work.
Ubuntu 22.04 LTS: affected, fix does work.
Ubuntu 24.04 LTS: affected, fix does work.
IT Dept, thanks, useful info. So actually this is a Plesk mess - no testing of the update they issued that included updating Apache. Given default Plesk setup is Apache proxied by Nginix, this is unforgivable.
We have multiple servers each running multiple sites but this fix didn't work on one - only first site visited after restarting nginx proxy worked. Most of our servers are dedicated, this one is an Ionos Cloud Server hosting multiple sites. We have another cloud server hosting a single site that's working fine. I'll raise with Ionos but any ideas?
Yes - Ubuntu 18.04 LTS is used here (with esu of course;) )
Wolfgang Freudenberger we have the issue of it only working for one site on 20.04.6. Single IP.
I faced the 421 Misdirected Request on all sites today after the Apache update. I applied the recommended fix by logging in as root using SSH and run:
echo -e "proxy_ssl_server_name on;\nproxy_ssl_name \$host;" > /etc/nginx/conf.d/fixssl.conf && service nginx restart
That resolved the issue immediately ✅
Thanks for saving time
regisit same issue here.
Please post if you find a solution. For now, disabling nxginx make websites accesible
regisit interesting - I have x3 IONOS VPS accounts and the fix has worked on all of them, via that same command. I remain nervous about this… hot fixes and the like do the job.. but are unsettling! Hope you find a solution. Have you tried the “Remove nginx.. then add it again” approach instead that others have mentioned? (that came in after I'd already done the echo command / SSH etc.).
Please sign in to leave a comment.