Applicable to:
- Plesk for Linux
- Plesk for Windows
Question
How to use Cloudflare's Full (Strict) encryption with Plesk?
Answer
There are two possible solutions:
Solution 1. Install a valid, trusted certificate in Plesk, e.g. from Let's Encrypt.
Solution 2. Use Cloudflare's SSL certificate chain by following these steps:
1. Create an Origin CA certificate following Cloudflare instructions.
2. Copy the content of your Private Key and Origin Certificate. Copy the content of Origin CA root certificate as well. It is provided in the Cloudflare instructions on the previous step.
3. In Plesk, go to Domains > example.com > SSL/TLS Certificates > Advanced Settings and click Add SSL/TLS Certificate.
4. Give the certificate a name, then scroll down to the section Upload the certificate as text and paste each content on their respective field:
-
- Private Key > Private key (*.key)
- Origin Certificate > Certificate (*.crt)
- Origin CA Root Certificate > CA certificate (*-ca.crt)
5. Click Upload Certificate.
6. Still in Plesk, go to Domains > example.com > Hosting Settings, scroll down to the section Security, select the newly created certificate in the field Certificate and click OK or Apply to save the changes.
7. Go back to Cloudflare and at SSL/TLS > Overview switch your SSL/TLS encryption mode to Full (strict).
Comments
3 comments
Important side note! You cannot use Cloudflare Origin CA certificate for e-mail. It works only for web traffic (HTTP / HTTPS).
you right.
If I use the origin certificate for the main domain and webmail, but keep the let's encrypt certificate for my mail domain (mail.domain.tld) and do not proxy this subdomain, will let's encryüt keep working/renewing itself?
Please sign in to leave a comment.