Article ID: 127430, created on Nov 14, 2015, last review on Nov 14, 2015

  • Applies to:
  • Plesk Automation 11.5


How to change self-signed SSL certificate for ProFTP service on Apache Service node?


In order to change expired self-signed certificate for ProFTP on Apache Service node please do the following:

  1. Login to to Apache node via ssh as root and check current certificate location. For example:

    [root@apachenode ~]# grep TLSRSACertificate /etc/proftpd.conf
            TLSRSACertificateFile /usr/local/psa/admin/conf/httpsd.pem
            TLSRSACertificateKeyFile /usr/local/psa/admin/conf/httpsd.pem
  2. Create backup of original file:

    [root@apachenode ~]# cp -p /usr/local/psa/admin/conf/httpsd.pem{,.bak}
  3. Login to PA Management node as root and create certificate for required service node:

    [root@managementnode ~]# /usr/local/ppa/bin/agent_certmng -c -type sn -hostid <number_of_service_node>

    Note: <number_of_service_node> you can obtain from GUI PA > Infrastructure > Service Nodes or using ppa.sn_list all command in SSH on PA Management node.

  4. Two files sn_<number>.crt and sn_<number>.key will be created. Place both files in certificate file:

    [root@managementnode ~]# cat  sn_<number>.crt sn_<number>.key > httpsd.pem
  5. Copy new certificate file on required service node.

  6. Change permissions on original file on Apache node:

    [root@apachenode ~]# chmod 0700 /usr/local/psa/admin/conf/httpsd.pem
  7. Replace expired certificate file with new certificate and change permissions back:

    [root@apachenode ~]# cp -rp httpsd.pem /usr/local/psa/admin/conf/httpsd.pem
    [root@apachenode ~]# chmod 0400 /usr/local/psa/admin/conf/httpsd.pem
  8. Restart the internal sw-cp-server and xinitd services by running the following command:

    [root@apachenode ~]# /etc/init.d/sw-cp-server restart
    [root@apachenode ~]# /etc/init.d/xinetd restart

Search Words


Expired ftp SSL

replace service node certificate

change SSL certificate




33a70544d00d562bbc5b17762c4ed2b3 caea8340e2d186a540518d08602aa065 e0aff7830fa22f92062ee4db78133079

Email subscription for changes to this article
Save as PDF