Applicable to:
- Plesk for Linux
- Plesk for Windows
Question
How to secure Plesk and mail server with Let's Encrypt certificate using command line?
Answer
By default, new Plesk installations come with pre-installed Let's Encrypt extension and if the server's hostname is correct, Plesk secures itself automatically.
Note: To issue a certificate, correct hostname should be used in OS, and it should resolve to the server's IP address.
Here and forth example.com will be used as the server's hostname and 203.0.113.2 will be used as the server's public IP.
-
On Windows
-
Connect to the server via RDP
-
Find out server's hostname:
C:\> plesk bin server_pref --get-hostname
example.com -
Make sure that the hostname points to the server's IP:
C:\> nslookup example.com 8.8.8.8
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: example.com
Addresses: 203.0.113.2
-
-
On Linux
-
Connect to the server via SSH
-
Find out server's hostname:
# plesk bin server_pref --get-hostname
example.com -
Make sure that the hostname points to the server's IP:
# host example.com 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:
example.com has address 203.0.113.2
-
-
Make sure that the latest Let's Encrypt extension is installed on the server:
# plesk bin extension -i letsencrypt
C:\> plesk bin extension -i letsencrypt
-
Issue and secure Plesk with a certificate:
-
On Linux:
# plesk bin extension --exec letsencrypt cli.php --secure-plesk -m john.doe@example.com -w /var/www/vhosts/default/htdocs -d example.com
-
On Windows:
C:\> plesk bin extension --exec letsencrypt cli.php --secure-plesk -m john.doe@example.com -w "%plesk_dir%\default\htdocs" -d example.com
-
-
Secure additional services:
-
Set the certificate as default for an IP address:
# plesk bin certificate --assign-cert "Lets Encrypt certificate" -ip 203.0.113.2
-
Set the certificate for the mail server:
# plesk bin mailserver --set-certificate "Lets Encrypt certificate"
-
Set the certificate for Plesk Control panel:
# plesk bin server_pref --update -panel-certificate "Lets Encrypt certificate"
-
Comments
4 comments
does not give the correct hostname. It gives some local-only host name for the server, like
where the first part (before ".local") is the name of the resource in DigitalOcean's interface.
Hi Ryan,
The mentioned command shows the information that is set in Plesk > Tools & Settings > Server Settings > Full hostname field.
Sometimes, the hostname of the server itself does not change after it is set via the Plesk UI. In that case, it should be changed manually.
You may take a look at this article for help: How to change or get the server hostname on Plesk server
Getting this error:
Please update KB with this case.
command "plesk bin extension --exec letsencrypt cli.php -secure-plesk -m email@domain.tld -w /var/www/vhosts/default/htdocs -d hostname.domain.tld" responds with error message
'ERR [extension/letsencrypt] The execution of cli.php has failed with the following message: Option "c" requires a parameter.'
Product version: Plesk Obsidian 18.0.48.0
OS version: Ubuntu 18.04 x86_64
Does this KB article require an update or am I doing somethin wrong?
Please sign in to leave a comment.