Articles in this section

See more

How to secure Plesk and mail server with Let's Encrypt certificate via CLI?

Avatar
Alexandr Bashurov
Updated
Follow

Applicable to:

  • Plesk for Linux
  • Plesk for Windows

Question

How to secure Plesk and mail server with Let's Encrypt certificate using command line?

Answer

By default, new Plesk installations come with pre-installed Let's Encrypt extension and if the server's hostname is correct, Plesk secures itself automatically.

Note: To issue a certificate, correct hostname should be used in OS, and it should resolve to the server's IP address.
Here and forth example.com will be used as the server's hostname and 203.0.113.2 will be used as the server's public IP.

Check if server's hostname resolves properly

  • On Windows

    1. Connect to the server via RDP

    2. Find out server's hostname:

      C:\> plesk bin server_pref --get-hostname
      example.com

    3. Make sure that the hostname points to the server's IP:

      C:\> nslookup example.com 8.8.8.8
      Server: google-public-dns-a.google.com
      Address: 8.8.8.8

      Non-authoritative answer:
      Name: example.com
      Addresses: 203.0.113.2

  • On Linux

    1. Connect to the server via SSH

    2. Find out server's hostname:

      # plesk bin server_pref --get-hostname
      example.com

    3. Make sure that the hostname points to the server's IP:

      # host example.com 8.8.8.8
      Using domain server:
      Name: 8.8.8.8
      Address: 8.8.8.8#53
      Aliases:

      example.com has address 203.0.113.2

Issue and apply the certificate to the server (For Plesk Onyx 17.0 and newer):

  1. Connect to the server via SSH or RDP

  2. Make sure that the latest Let's Encrypt extension is installed on the server:

    # plesk bin extension -i letsencrypt

    C:\> plesk bin extension -i letsencrypt

  3. Issue and secure Plesk with a certificate:

    • On Linux:

      # plesk bin extension --exec letsencrypt cli.php --secure-plesk -m john.doe@example.com -w /var/www/vhosts/default/htdocs -d example.com

    • On Windows:

      C:\> plesk bin extension --exec letsencrypt cli.php --secure-plesk -m john.doe@example.com -w "%plesk_dir%\default\htdocs" -d example.com

  4. Secure additional services:

    • Set the certificate as default for an IP address:

      # plesk bin certificate --assign-cert "Lets Encrypt certificate" -ip 203.0.113.2

    • Set the certificate for the mail server:

      # plesk bin mailserver --set-certificate "Lets Encrypt certificate"

Issue and apply the certificate to the server (For Plesk 12.5):

  1. Connect to the server via SSH or RDP

  2. Install or update the Let's Encrypt extension from Plesk UI: How to install Plesk extension?; How to update Plesk extensions

  3. Issue and secure Plesk with a certificate:

    • On Linux:

      # plesk bin extension --exec letsencrypt cli.php --secure-plesk -m john.doe@example.com -w /var/www/vhosts/default/htdocs -d example.com

    • On Windows:

      C:\> plesk bin extension --exec letsencrypt cli.php --secure-plesk -m john.doe@example.com -w "%plesk_dir%\default\htdocs" -d example.com

Comments

0 comments

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles