Symptoms
- Unable to create domain in Plesk:
A specified logon session does not exist. It may already have been terminated. (Exception from HRESULT: 0x80070520)
In Microsoft.Web.Administration module
Exception type: System.Runtime.InteropServices.COMException
at Microsoft.Web.Administration.Interop.IAppHostMethodInstance.Execute()
at Microsoft.Web.Administration.Binding.AddSslCertificate(Byte[] certificateHash, String certificateStoreName)
at Microsoft.Web.Administration.BindingManager.Save()
at Microsoft.Web.Administration.ServerManager.CommitChanges()
at ServerManagerFactory.commit()
at IISServerManager.commit(IISServerManager* )
at Commit common changes(WebServerAdapter::configHosting line 323)
at configHosting(example.com)(WebServerAdapter::configHosting line 405)
at configHosting(example.com)(WebServerManager::configHosting line 2840)
at Unable to execute console command: '--install-vhost'(vconsoleapp::start line 95)
at Unable to execute command: '"C:Program Files (x86)Pleskadminbin64websrvmng" --install-vhost "--vhost-config=C:/Program Files (x86)/Plesk/PrivateTemp/iahfe8a84b5.tmp"'(vconsoleapp::run line 117)
(Error code 1)
-
The requested fingerprint can be seen in
%plesk_dir%adminlogsphp_error.log
with debug mode enabled:
23892:61692e61c3f54 DEBUG [panel] Add virtual host example.com, site configuration XML:
[domain name="example.com" displayName="example.com" webspaceName="example.com" status="active"][webSql enabled="false"/][webmail type="none" *sslCertHash="5abbe6638348a67e9f80acf92cc973a0a2017cfc"*/]
However, no certificates with this fingerprint exist in the MMC Certificate Snap-in list in Windows.
Cause
Plesk is trying to secure new domains with an outdated Let's Encrypt certificate - the requested SHA-1 fingerprint does not exist in the certificate pool.
This behavior is caused by either a filesystem or a database inconsistency.
Resolution
Apply one of the following solutions:
Remove the inconsistent certificate
1. Connect to the server via RDP
2. Start a command prompt as an Administrator.
3. Connect to the Plesk database:
C:> plesk db
4. Identify the filenames for the default certificate - there can be several of them:
select cert_file from certificates where name = 'Lets Encrypt certificate';
+-------------+
| cert_file |
+-------------+
| scf74AE.tmp |
+-------------+
1 row in set (0.118 sec)
5. Rename or move the found files from the %plesk_dir%varcertificates
directory
6. Run the following command to reconfigure certificates:
C:> plesk repair --reconfigure-ssl-certificates
Use a different default certificate
2. Navigate to Tools & Settings > IP Addresses > 203.0.113.2 and select "Default Certificate" as SSL/TLS Certificate.
Warning: Make sure the current certificate is not in use beforehand!