Applicable to:
- Plesk for Linux
Symptoms
-
All websites show the error:
PLESK_INFO: 421 Misdirected Request
-
The following error message is logged in domain's log (Plesk > Domains > example.com > Logs):
CONFIG_TEXT: AH02032: Hostname default-203_0_113_2 (default host as no SNI was provided) and hostname www.example.com provided via HTTP have no compatible SSL setup
Cause
In recent Apache version, Apache team has released fixes for CVEs that affected Apache + nginx functionality: new changes do not allow Apache process requests from nginx without the server name (by default, nginx does not pass the server name through SNI when establishing a connection with a proxied HTTPS server).
This issue has been addresses in Plesk Obsidian 18.0.70 and later releases.
Resolution
Update Plesk Obsidian to the latest build.
Note: The hotfixes are compatible with the manual workaround. So, even for servers where manual solution is already applied, no extra steps are required after installing Plesk update.
Manual workaround for previous Plesk versions:
Add proxy_ssl_server_name, proxy_ssl_name and proxy_ssl_session_reuse directives in nginx configuration to make nginx pass the server name to Apache through TLS Server Name Indication (SNI) extension:
- Connect to the Plesk server via SSH.
-
Run the script (without any modifications):
# echo -e "proxy_ssl_server_name on;\nproxy_ssl_name \$host;\nproxy_ssl_session_reuse off;" > /etc/nginx/conf.d/fixssl.conf && systemctl restart nginx
Comments
regisit hmm then it seems to work unconsistent under 20.04 LTS. Well, if you have only sites with apache2 working (or in proxymode), deinstall NGINX via Tools & Settings → Updates. This works, but creates 20-30% more serverload on a few servers from us. Not the ideal solution, I hope for a fix.
Fix worked for me also. What an insane error. I chose plesk for its simplicity and ease of use.
I had the same problem this morning, but this solution fixed it on Ubuntu 22.04.5 LTS. Thanks!
I removed the nginx from plesk and that has solved the issue for me
Fix works, thank you!
I just used the suggested resolution in PuTTY and it worked straight away for me. Thanks
The fix worked for me as well. However, since almost all subdomains weren’t working, I had to follow up with a 'service apache2 restart' — and now everything is running smoothly.
Wolfgang Freudenberger John Mounsey There's no need to remove nginx, just stopping the service passes all requests direct to Apache. I expected to have to do some reconfiguration, but just stopping the service works. I'm gussing stopping it does some auto-reconfiguration. Once I find out why this one server is still having this issue I'll post here.
Hi all, so my understanding is that this must have rolled out via an update and like many others I have auto updates disabled on Plesk (for various reasons) so I was scratching my head thinking how did Apache magically change its inner workings. I checked the apt history log on my server and it shows an unattended upgrade happened just before the websites went down. I checked the apt config and low and behold, unattended upgrades was enabled.
I am 100% certain I did not enable unattended-upgrades, nor did any other admin on my team. I can only assume as part of Plesk's install it enables unattended upgrades? Can anybody confirm this?
P.S. I reckon its best not to disable unattended upgrades and let Plesk roll out a fix or explanation as to how Apache got updated by itself.
also not working on 20.04
all others seem fine
apply the patch.. it works for 1 site.. not for others
For those not operating the command line, you may use these - non global - settings in Plesk panel.
Additional nginx directives:
proxy_ssl_server_name on;
proxy_ssl_name $host;
The quickest solution is to simply uninstall nginx under (extensions) for the time being. Everything will then run smoothly again.
AH02032: Hostname default (default host as no SNI was provided) and hostname **** provided via HTTP have no compatible SSL setup
This domain is behind cloudflare, without cloudflare DNS (for the SAME domain) it's working ok.
We don't have nginx installed and bug is still there (no update available)
Error message is
Our apache version is apache2 2.4.52-1ubuntu4.15
Ralf Meelker Finally something that is simple and worked!!!
In command line the standard fix created a permission issue but here it works fine
Additional nginx directives:
proxy_ssl_server_name on;
proxy_ssl_name $host;
Thanks for quick fix.
Had the same problem this morning and was starting to panic when starting to read up about SNI . This resolution looks like a good one and stops the following message being displayed:
Thank you
The command worked for two of our servers - but the third is showing Server Error
502
Bad Gateway
Web server received an invalid response while acting as a gateway or proxy server.
ANyone any ideas as to how to fix this?
For me the command below worked .. but if I restart server, same problem and have do redo command
How to solve that?
Command used:
Workaround worked - Thanks!
I updated Plesk and with trying the fix
"echo -e "proxy_ssl_server_name on;\nproxy_ssl_name \$host;" > /etc/nginx/conf.d/fixssl.conf && service nginx restart"
i'm getting “no such file or directory” - how to find the fixssl.conf?
By looking into /etc/nginx/conf.d, in only see "ssl.conf"
any ideas?
The suggested fix works perfectly on my 22.04, and 24.04 servers running Plesk.
Since applying it, I haven’t encountered any 421 issues on these systems.
However, on an Ubuntu 18.04 and Ubuntu 20.04 server, this fix does not solve the problem:
The only stable solution I found on Ubuntu 18 is to completely disable Nginx (reverse proxy) and run Apache only (PHP-FPM via Apache), until (if ever) an official fix is provided. But since Ubuntu 18 is end-of-life, a fix is unlikely.
Current workaround is not working if we're using cloudflare as proxy (no nginx)
I have 19 sites down becauise of this stupid mess.
I can confirm happen to me this morning only one of my Sites with EV SSL failed… First time this ever happened but thankful for this quick resolution thank you team.
Thanks alot! Its works
If it can be useful… disabling webshield of immunify360 solves the problem (not using nginx, using cloudflare)
(still not a decent solution)
Why would Plesk not be monitoring beta streams for these packages and testing before a critical failure like this occurs? This is not the first time a bad apache2 or httpd package was released and caused this type of issue, and here we are again.
Hi all after applying the workaround, I facing another Apache Error which cause the “AH01071: Got error ‘empty string to a string offset in…..” Its a Warning type error but its cause the website not able to show all the css and picture files. I’m using WordPress of it. Any one also facing the same problem ?
This site can’t be reached
sunset-usa.com took too long to respond.
Try:
ERR_CONNECTION_TIMED_OUT
Working for me this solution.
They work for a minute and then go down. I then reset it or reboot and turn off firewalls and change phpo settings and it works for a minute and then dies. I may do a back up and cut my losses. This is a nightamre. i cant believe this is sold to people. This plesk thing is so shotty. regardless, what is getting done to fix this issue for fucks sakes?
This site can’t be reached
sunset-usa.com took too long to respond.
Try:
ERR_CONNECTION_TIMED_OUT
Please sign in to leave a comment.