Articles in this section

What does Imunify notifications do in Plesk?
PHP settings do not apply on a domain when CageFS is enabled in CloudLinux
[CVE-2025-66431] Security vulnerability in domain creation mechanism allows Plesk users to execute arbitrary code on behalf of root
Generating CSR certificate under AlmaLinux 9 and AlmaLinux 10 does not save the Country, City and other fields from SSL certificate settings section
Plesk update fails: bind9 package is half-configured
Wrong $_SERVER['HTTP_HOST'] and $_SERVER['SERVER_NAME'] using Default Site in IP Addresses
Plesk / system update fails after dist-upgrade from Debian 11 to Debian 12: Depends: libodbc2 (>= 2.3.1) but it is not going to be installed
Accessing Apache & nginx settings in Plesk 18.0.72.0 returns error 500: Return value must be of type bool, null returned
Vulnerability CVE-2025-54336
Unable to open mail server configuration for a domain in Plesk UI: The label can only be a string
See more

How to issue a SSL/TLS certificate for a domain via REST API?

Atif Bangash

Updated January 13, 2026 19:13

kb: how-to Plesk for Linux

Applicable to:

Plesk for Linux

Question

How to create an SSL/TLS certificate for a domain via REST API?

Answer

Note: Replace 203.0.113.2 and ce8b9a38-4410-XXX with the required server IP address and API key from step 2 in exactly the same way as all the custom settings in the commands below.

Note: In step 2, the API key should be generated from the Plesk server where the request for creating a certificate is run.

Connect to the server via SSH.
Generate an API key:

# curl -k -X POST --user admin:"<password>" -H "Content-Type: application/json" -H "Accept: application/json" -d"{}" "https://203.0.113.2:8443/api/v2/auth/keys"

or

# plesk bin secret_key -c -ip-address 203.0.113.2
Issue a certificate:
- Create an SSL/TLS certificate using csr/key/cert files:
  
  # curl -k -X POST -H "X-API-Key: ce8b9a38-4410-. . ." -H "Content-Type: application/json" -H "Accept: application/json" "https://<Server_IP>:8443/api/v2/cli/certificate/call" -d '{ "params": ["--create", "<Certificate_name>", "-domain", "example.com", "-csr-file", "/path/to/server.csr", "-key-file", "/path/to/server.key"]}'
  The `--create` command requires concomitant use of one of the following combinations of options:
  - -csr-file <file name> -key-file <file name>
  - -csr-file <file name> -key-file <file name> -cert-file <file name>
  - -csr-file <file name> -key-file <file name> -cert-file <file name> -cacert-file <file name>
  - -key-file <file name> -cert-file <file name> -cacert-file <file name>
  - -key-file <file name> -cert-file <file name>
- If it's required to issue a Let's Encrypt certificate (e.g. for domain example.com including webmail):
  
  # curl -k -X POST -H "X-API-Key: ce8b9a38-4410-. . ." -H "Content-Type: application/json" -H "Accept: application/json" "https://<Server_IP>:8443/api/v2/cli/extension/call" -d '{ "params": ["--exec", "letsencrypt", "cli.php", "-d", "example.com", "-d", "webmail.example.com", "-m", "jdoe@example.com"]}'

Comments

1 comment

Marc Edgley
October 04, 2023 12:29

I assumed the certificate files would be on the computer you run the curl command on , however I get the error

"stderr": "Unable to create certificate \"mycert-2023-2024\": file privkeyfile.key dose not exist"

Do the files need to be in some shared store on the server or in a folder in the domain's folder?

0

Please sign in to leave a comment.