Applicable to:
- Plesk for Linux
Symptoms
-
All websites show the error:
PLESK_INFO: 421 Misdirected Request
-
The following error message is logged in domain's log (Plesk > Domains > example.com > Logs):
CONFIG_TEXT: AH02032: Hostname default-203_0_113_2 (default host as no SNI was provided) and hostname www.example.com provided via HTTP have no compatible SSL setup
Cause
In recent Apache version, Apache team has released fixes for CVEs that affected Apache + nginx functionality: new changes do not allow Apache process requests from nginx without the server name (by default, nginx does not pass the server name through SNI when establishing a connection with a proxied HTTPS server).
This issue has been addresses in Plesk Obsidian 18.0.70 and later releases.
Resolution
Update Plesk Obsidian to the latest build.
Note: The hotfixes are compatible with the manual workaround. So, even for servers where manual solution is already applied, no extra steps are required after installing Plesk update.
Manual workaround for previous Plesk versions:
Add proxy_ssl_server_name, proxy_ssl_name and proxy_ssl_session_reuse directives in nginx configuration to make nginx pass the server name to Apache through TLS Server Name Indication (SNI) extension:
- Connect to the Plesk server via SSH.
-
Run the script (without any modifications):
# echo -e "proxy_ssl_server_name on;\nproxy_ssl_name \$host;\nproxy_ssl_session_reuse off;" > /etc/nginx/conf.d/fixssl.conf && systemctl restart nginx
Comments
anyone struggling on 20.04 you can disable http2 rather than nginx till we get a fix
plesk bin http2_pref disable
This site can’t be reached
sunset-usa.com took too long to respond.
Try:
ERR_CONNECTION_TIMED_OUT
This site can’t be reached
sunset-usa.com took too long to respond.
Try:
ERR_CONNECTION_TIMED_OUT
This site can’t be reached
sunset-usa.com took too long to respond.
Try:
ERR_CONNECTION_TIMED_OUT
Andy Bird funfact: works on our servers only when reverting the “quickfix” from this KB.
Thanks for the quick fix - worked perfectly.
Hi,
I applied that support said, it worked perfectly on Ubuntu 22.04 with Plesk 18.0.71.
Thanks for information!
Thank you it worked! Guys you need to be logged in as administrator of your server (not website) and use command sudo su when you log in then execute the suggested code. Anyway it worked!
apache2 2.4.52-1ubuntu4.14 seems to be broken. After update to apache2 2.4.52-1ubuntu4.15 fixed the problem in Plesk 18.0.71.
This fixed worked good for me also
In my case it worked, the domains returned but I can't log in to CP, it keeps showing me the same message
this doesn't fix my problem on a recently migrated Plesk server.
There is something missing in the code, the “>”:
echo -e "proxy_ssl_server_name on;\nproxy_ssl_name \$host;\nproxy_ssl_session_reuse off;" > /etc/nginx/conf.d/fixssl.conf && service nginx restart
the fix is triggering an error when syncing a subscription: New configuration files for the Apache web server were not created due to the errors in configuration templates: nginx: [emerg] bind() to [2600:1f11:ec:eb00:59a9:8afe:d93a:3e4c]:443 failed (99: Cannot assign requested address) nginx: configuration file /etc/nginx/nginx.conf test failed See the details in Configuration Troubleshooter. Detailed error descriptions were sent to you by email. To fix the issue, follow the instructions described in KB: https://support.plesk.com/hc/articles/12377844474903 Please resolve the issues and click here to generate broken configuration files once again or here to generate all configuration files.
Did not fix it with my setup Ubuntu 24.04.2 LTS and Plesk 18.07.0 Update 2 / Had to downgrade Apache.
The server returned with a “unrecognized service” error.
When is the permanent fix expected to be released? The work around isn't fixing some of my servers.
after using your script it fixed. Ubuntu 22.04.5 LTS
using sudo -i
I applied the script above as root but that just gave a 403 permission page on the website.
script did not work for me. I actually had to comment it out because it disabled access to the plesk admin page as well because nginx wouldnt start anymore. The temp fix for me so far is to disable Reverse Proxy Server (nginx) service. I did the following below.
Turning off nginx
To return to the configuration with a single Apache web server, stop the Reverse Proxy Server (nginx) service in Tools & Settings > Services Management (under “Server Management”).
It works! thanx!
I had the same problem, all the site in my server presented the Misdirected Request message. I used the Resolution in this article and worked perfectly. Thanks! You saved my day!
my domain is working after this new settings , but i have to forward from domain.com/admin to admin.domain.com and i m getting the same error Misdirected Request
The client needs a new connection for this request as the requested host name does not match the Server Name Indication (SNI) in use for this connection.
how can i fixed?
Thanks Team ❤️ It's working fine, but after the team makes the fix, will it merge?
Thx!! works fine! I fixed it already in the early morning 🤗
Tried workaround command as given, ran into permission errors (zsh: permission denied: /etc/nginx/conf.d/fixssl.conf)
So I modified the command slightly:
echo -e "proxy_ssl_server_name on;\nproxy_ssl_name \$host;\nproxy_ssl_session_reuse off;" | sudo tee /etc/nginx/conf.d/fixssl.conf > /dev/null && sudo systemctl restart nginxThat did the trick. Everything is now operational.
pasting the following on each website with SSL manually under the Additional nginx directives for each website individually appears to work. the command somehow stops nginx from starting correctly
Disabling a auto update is fix the issue in feature ?
Automatically install Plesk updates (Recommended)
or Disable this from
machine
APT::Periodic::Update-Package-Lists "1"; changed to 0
APT::Periodic::Unattended-Upgrade "1"; changed to 0
?
otherwise
echo -e "proxy_ssl_server_name on;\nproxy_ssl_name \$host;" > /etc/nginx/conf.d/fixssl.conf && service nginx restart
above command has fixed the issue
I have been waiting patiently for an automatic update to occur that includes a fix for the problem. I can run the fix provided but it seems that in some installations that may trigger a set of different problems. So… I am reluctant to run what may be a temporary fix and wait for the proper fix from Plesk. So - can someone tell me when the new automatic update is likely to happen?
Thanks a lot
Please sign in to leave a comment.