I Am Justyn

I fix things

Rebuild missing SSL certificates from Plesk database

Jan 19, 2013 - 2 minute read - Plesk, Linux

I’ve had to deal with errors similar to this occasionally on Plesk servers:

root@cent:# apachectl -t
Syntax error on line 55 of /var/www/vhosts/domain.com/conf/13449678050.31729500_httpd_ip_default.include:
SSLCertificateFile: file '/usr/local/psa/var/certificates/cert-sFD3Ys' does not exist or is empty

Probably the #1 reason I see this is when we’re doing migrations from one Plesk machine to another. Restoring Plesk-created backups can also cause it sometimes.

Regardless of the reason, if the certificates exist in the psa database, they can be re-created easily over SSH. I got tired of doing this manually, and ended up writing a quick bash one-liner to take care of it for me.

Important: back up your certificates directory first in case anything gets overwritten! The archive contains private keys, so keep it somewhere only root can read.

root@cent:# tar cvjf /root/psa_certificates.tar.bz2 /usr/local/psa/var/certificates

Re-create all Plesk SSL certs from the psa db:

root@cent:# cd /usr/local/psa/var/certificates
root@cent:# umask 077   # the rebuilt files contain private keys: create them readable by root only
root@cent:# mysql -uadmin -p"$(cat /etc/psa/.psa.shadow)" psa -Ne 'select id,cert_file,name from certificates;' \
| while read -r id cert_file name; do echo "$cert_file : $name"; \
mysql -uadmin -p"$(cat /etc/psa/.psa.shadow)" psa -Ne "select pvt_key from certificates where id=$id;" \
| php -r 'echo urldecode(file_get_contents("php://stdin"));' > "$cert_file"; \
mysql -uadmin -p"$(cat /etc/psa/.psa.shadow)" psa -Ne "select cert from certificates where id=$id;" \
| php -r 'echo urldecode(file_get_contents("php://stdin"));' >> "$cert_file"; done

Re-create all Plesk CA certs from the psa db. Rows without a CA file are skipped, because an empty ca_file column would make read shift the certificate name into the filename variable:

root@cent:# mysql -uadmin -p"$(cat /etc/psa/.psa.shadow)" psa -Ne "select id,ca_file,name from certificates where ca_file<>'';" \
| while read -r id ca_file name; do echo "$ca_file : $name"; \
mysql -uadmin -p"$(cat /etc/psa/.psa.shadow)" psa -Ne "select ca_cert from certificates where id=$id;" \
| php -r 'echo urldecode(file_get_contents("php://stdin"));' > "$ca_file"; done

This will pull the private key, certificate, and CA certificate from the database, URL-decode them using PHP, and save them to the appropriate filenames. You should also run either websrvmng or httpdmng to rebuild the Apache config to make sure it uses the correct files, then re-run apachectl -t to confirm the syntax error is gone.
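A sanity check to run over the rebuilt files before reloading Apache, as an added example that is not part of the original post. The function names check_rebuilt and demo are hypothetical, and the sample files are constructed placeholders, not real key material.

```bash
# check_rebuilt FILE [cert|ca]: print each problem found, return 0 if none.
# "cert" = private key followed by certificate; "ca" = certificates only.
check_rebuilt() {
    local f="$1" kind="${2:-cert}" rc=0 cb ce kb ke
    if [ ! -s "$f" ]; then echo "$f: missing or empty"; return 1; fi
    # mysql -N prints the literal word NULL for a NULL column
    if [ "$(tr -d '[:space:]' < "$f")" = "NULL" ]; then
        echo "$f: contains only NULL"; return 1
    fi
    # Base64 PEM text has no '%'; an escape here means urldecode did not run
    if grep -Eq '%[0-9A-Fa-f]{2}' "$f"; then echo "$f: still URL-encoded"; rc=1; fi
    cb=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$f" || true)
    ce=$(grep -c -- '-----END CERTIFICATE-----' "$f" || true)
    kb=$(grep -Ec -- '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$f" || true)
    ke=$(grep -Ec -- '-----END ([A-Z]+ )?PRIVATE KEY-----' "$f" || true)
    if [ "$cb" -lt 1 ] || [ "$cb" -ne "$ce" ]; then
        echo "$f: certificate block missing or truncated"; rc=1
    fi
    if [ "$kind" = cert ]; then
        if [ "$kb" -ne 1 ] || [ "$ke" -ne 1 ]; then
            echo "$f: expected exactly one complete private key"; rc=1
        fi
        # characters 5-10 of the ls mode string are the group and other bits
        if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
            echo "$f: private key readable beyond its owner"; rc=1
        fi
    elif [ "$kb" -ne 0 ]; then
        echo "$f: private key found in a CA file"; rc=1
    fi
    return "$rc"
}

# Constructed sample: one well-formed file and one that was never decoded.
# Runs in a subshell so the umask change does not leak into the caller.
demo() (
    d=$(mktemp -d); umask 077
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'AAAA' '-----END PRIVATE KEY-----' \
        '-----BEGIN CERTIFICATE-----' 'BBBB' '-----END CERTIFICATE-----' > "$d/cert-good"
    printf '%s\n' '-----BEGIN+PRIVATE+KEY-----%0AAAAA%0A' > "$d/cert-encoded"
    check_rebuilt "$d/cert-good" cert && echo "cert-good: ok"
    check_rebuilt "$d/cert-encoded" cert || echo "cert-encoded: rejected"
    rm -rf "$d"
)
demo
```

This only checks structure and permissions; it does not prove that the key and certificate in a file belong together.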