Article ID: 827, created on Oct 6, 2008, last review on May 11, 2014

Symptoms

I receive messages like:

################# SSL Certificate Warning ################

Certificate for plesk, in '/usr/local/psa/var/certificates/certX4i2yTS':

The certificate needs to be renewed; this can be done
using the 'genkey' program supplied with Red Hat
Enterprise Linux.

Browsers will not be able to correctly connect to this
web site using SSL until the certificate is renewed.

#####################################################
Generated by certwatch(8)

Cause

This message is generated by 'certwatch' program that is run daily by crond from the /etc/cron.daily/certwatch file to warn about the imminent expiry of SSL certificates configured for use in the Apache HTTP server. If you receive this message, it means that the certificate listed in the message will expire. If you access the site with expired certificate, the browser shows the warning that the certificate expired and is not valid anymore.

Resolution

The certificate should be renewed. The name of certificate in Plesk CP can be found with the command:

 

# mysql -uadmin -p`cat /etc/psa/.psa.shadow` -D psa -e 'select name from certificates where cert_file="CERT_FILE_NAME"'

 

Where CERT_FILE_NAME should be replaced with the real certificate file name from the message you received, in our example it is 'certX4i2yTS'. After that you can find this Ceritificare in Plesk CP and replace it with renewed one or generate Self-Signed certificate. Self-Signed certificate can be created with Server->Certificates->Add New Certificate->Self Signed. 

 

If you do not wish to check certificates' expiration date and recevie such notification anymore, this can be disabled by adding the line:


NOCERTWATCH=yes

 

to the file /etc/sysconfig/httpd.

Email subscription for changes to this article
Save as PDF