Articles in this section

See more

How to secure Plesk and mail server with Let's Encrypt certificate via CLI?

Avatar
Natalia Astashenko
Updated
Follow

Applicable to:

  • Plesk for Linux
  • Plesk for Windows

Question

How to install Let's Encrypt SSL certificate via command line for securing Plesk UI and mail server?

Answer

By default, new Plesk installation is coming with pre-installed Let's Encrypt extension and if the server's hostname is correct, Plesk secures itself.

To do it manually in CLI, there should be a correct hostname in OS and it should be resolved to the server IP address:

# dig +short example.com
203.0.113.2

where 203.0.113.2 - is a server's public IP.

Instructions are below:

  1. Install Let's Encrypt extension if it is missing in Extensions menu.

  2. Connect to the server using SSH or via RDP.

  3. In case there is no domain in Plesk with the server hostaname, e.g example.com:

    3.1 Make sure that Default site is set to None in Tools & Settings > IP Addresses > 203.0.113.2.
    3.2 Create and apply Let's Encrypt certificate:

    • for **Linux**:

      # plesk bin extension --exec letsencrypt cli.php --secure-plesk -m [email protected] -w /var/www/vhosts/default/htdocs -d example.com

    • for **Windows**:

      C:\> plesk bin extension --exec letsencrypt cli.php --secure-plesk -m [email protected] -w "%plesk_dir%\default\htdocs" -d example.com

    Warning: This step is applicable for Let's Encrypt 1.3 or higher.

    3.3 Set the certificate as default for an IP address:

    # plesk bin certificate --assign-cert "Lets Encrypt certificate" -ip 203.0.113.2

    3.4. Secure Plesk mail server:

    # plesk bin mailserver --set-certificate "Lets Encrypt certificate"

  4. In case domain with the server hostname already exists in Plesk:

    4.1 Create a certificate for the server hostname:

    \# plesk bin extension --exec letsencrypt cli.php -d example.com -d www.example.com -m [email protected]

**Note:** Remove -d `www.example.com` if the domain does not have `www` prefix. If any error occurred during this step, search the solution in [Plesk Knowledge Base](https://support.plesk.com/hc/en-us).

    4.2 Set the certificate as default for Plesk login:

    \# plesk bin server_pref -u -panel-certificate "Lets Encrypt example.com" -certificate-repository example.com

    4.3 Set the certificate as default for an IP address:

    \# plesk bin certificate --assign-cert "Lets Encrypt example.com" -domain example.com -ip 203.0.113.2

    4.4. Secure Plesk mail server:

# plesk bin mailserver --set-certificate "Lets Encrypt example.com" -certificate-repository example.com

Comments

0 comments

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles