Restart Plesk Panel Interface
1. Many times this error can be fixed by just restarting the Plesk panel interface. This happens when curl libraries are updated and the Plesk panel process needs to be restarted otherwise the PHP curl functions required by the extension will not work properly. Run the following command (as root):
systemctl restart sw-engine && systemctl restart sw-cp-serverOutdated Packages
2. Make sure your openssl, curl, and ca-certificates packages are up to date. Outdated packages can result in SSL errors when your server tries to communicate with our licensing server.:
// Centos/RHEL/CLoudLinux/AlmaLinux
yum update openssl curl ca-certificates
// Debian/Ubuntu
apt-get upgrade openssl curl ca-certificates
// You can test if your server can communicate properly with our licensing server using the wget command
// If you get an expired certificate error then your server packages are out of date.
wget https://www.danami.comBlocked Licensing Server IP Address
3. Make sure that you are not blocking the licensing server IP addresses on the servers firewall. Imunify360 is known to block our server IPs for some reason. Our licensing server IP addresses are:
IPv4: 158.69.247.150
IPv6: 2607:5300:120:796::1You can run the following command to see if your server can connect to the licensing server. You should get a response of Verify return code: 0 (ok) if the connection was successful.
openssl s_client -connect www.danami.com:443If you get the error below that means that your server cannot connect to our licensing server (usually that means there is a firewall or connection problem):
openssl s_client -connect www.danami.com:443 - returns:
socket: Bad file descriptor
connect:errno=9Incorrect Time
4. Make sure that the date and time on the server is correct (The wrong time will cause the SSL certificate connection to fail). Install a NTP time sync daemon on your server like Chrony or if ntpdate is installed on the server you can sync your server time using the command:
Using ntpdate:
/usr/sbin/ntpdate -b -s time.nist.govUsing chronyd:
systemctl stop chronyd && chronyd -q 'server pool.ntp.org iburst' && systemctl start chronydEnd of Life Operating Systems
5. If your server is end-of-life (Debian 9, Debian 8, or Ubuntu 16) then it will not be getting any type of package security updates so you can't update your openssl, curl, or ca-certificates packages . These outdated operating systems can no longer talk to any server that uses a Let's Encrypt certificate (like our licensing server). Users of end-of-life operating systems can use the fix below until they get their OS properly updated:
sed -i 's/mozilla\/DST_Root_CA_X3.crt/!mozilla\/DST_Root_CA_X3.crt/g' /etc/ca-certificates.conf
update-ca-certificates
/etc/init.d/psa restartOpen a Ticket
6. If you have tried all of the above steps and you are still not able to connect to the licensing server please open a support ticket and include your servers IP address. The tech will run some additional tests on our side to see what the problem is.
