Article ID: 114984, created on Oct 19, 2012, last review on Aug 12, 2014

  • Applies to:
  • Plesk 11.x for Linux


SSL certificates for certain domains are no longer trusted. In fact, any SSL certificate installed in Parallels Plesk Panel (PP) 11 with more than a single chain certificate on it is unable to load properly. The only way to fix this is to switch back to Apache using the "/usr/local/psa/admin/bin/nginxmng --disable" command.


Apache has an "SSLVerifyDepth" parameter with a default value of ten (10), which means that it will look for ten (10) CA (Chain) certificates. Nginx has a similar parameter, "ssl_verify_depth," but with a default value of one (1). Since Nginx is the front-end web server and it is set to one (1), it is not grabbing the additional CA certificates, thus causing a conflict with some browsers.


The issue has been fixed since version 11 MU#10; however, it may still affect certificates that were generated before the needed update was installed. In order to fix such certificates, run the following commands:

# wget
# unzip
# php reload_ssl_certificate.php

The commands download an archived PHP script, unzip, and launch it.


0a53c5a9ca65a74d37ef5c5eaeb55d7f 56797cefb1efc9130f7c48a7d1db0f0c a914db3fdc7a53ddcfd1b2db8f5a1b9c 29d1e90fd304f01e6420fbe60f66f838

Email subscription for changes to this article
Save as PDF