Applicable to:
- Plesk for Linux
- Plesk for Windows
Question
How to secure Plesk interface with an SSL certificate (from Let's Encrypt or other certificate authorities)?
Answer
- Log in to Plesk.
-
Go to Tools & Settings > SSL/TLS Certificates (under Security).
-
Click Let's Encrypt.
-
Make sure the Domain name and Email address fields contain a valid information:
-
Domain name can be a server hostname (preferable) or any other (sub)domain name hosted on the server. It will be used as an entry point to Plesk interface (for example, https://server.example.com:8443) for all Plesk users (customers, resellers, etc.) who have access to Plesk.
Note: The hostname/domain name must be resolvable to a public IP address of the Plesk server from the Internet. If in doubt, check your hostname/domain name availability using DNS Lookup by MxToolBox.
If a domain, e.g. example.com, is using permanent www redirection, specify www.example.com as Domain name. - Email address will be used to receive important notifications and warnings.
-
-
Click Install. At this stage, an SSL certificate from Let’s Encrypt is generated and set to secure Plesk on port 8443. This certificate will be auto-renewed. Here is the final look:
Now, access Plesk over https://server.example.com:8443.
- Log in to Plesk.
-
Go to Tools & Settings and click SSL/TLS Certificates.
-
On the SSL/TLS Certificates page, add your certificate:
Note: If you are experiencing issues with a certificate installation, contact your certificate seller and ask for instruction for Plesk.
-
If an SSL certificate is stored in a single
*.crtfile:Click Choose File to select a certificate file. Then click Upload Certificate.
-
If an SSL certificate is stored in the form of
*.keyand*.crtfiles:Click Add under List of certificates in server pool and scroll down to the Upload the certificate files section and upload these files. If both the certificate and the private key parts of your certificate are contained in a
*.pemfile (you can check it by opening the*.pemfile in any text editor), just upload it twice, both as the private key and the certificate. Click Upload Certificate once finished.
-
If an SSL certificate is stored as a text:
Click Add under List of certificates in server pool and scroll down to the Upload the certificate as text section. There, paste the certificate and the private key parts into the corresponding fields. Click Upload Certificate when you have finished.
-
-
Click [Change] next to Certificate for securing Plesk > select an uploaded certificate > click OK. Now Plesk interface is secured with an SSL certificate.
Additional Information
Plesk Obsidian secures its hostname with a free Let's Encrypt certificate automatically, if the Let's Encrypt extension is installed and the hostname is a fully qualified domain name (FQDN) and is resolvable from the Internet.
Comments
Let's Encrypt screen shows [Reissue] button and not [Install]. I followed the steps but still do not see a secured 8443
Followed this step by step and still have a non secure when logining in and can not sync to plesk 360
Same issue!
I think these 3 help articles should be linked together as it appears you need all 3 steps to make it work, yes ? after changing the host name and setting custom url, to then go and issue a new certificate
1) https://support.plesk.com/hc/en-us/articles/12377745012247-How-to-customize-Plesk-URL
2) https://support.plesk.com/hc/en-us/articles/12377750836375--How-to-change-or-get-the-server-hostname-on-Plesk-server
3) https://support.plesk.com/hc/en-us/articles/12377713798039-How-to-secure-a-Plesk-hostname-on-port-8443-with-an-SSL-certificate-Let-s-Encrypt-other-certificate-authorities
Please sign in to leave a comment.