How to renew expired SSL certificate on Linux

Refers to:

  • Plesk for Linux
  • Plesk Onyx for Windows
  • Plesk 12.5 for Windows


2016-11-16 13:14:00 UTC


2017-02-21 18:06:05 UTC


Was this article helpful?

Have more questions?

Submit a request

How to renew expired SSL certificate on Linux


When Plesk or another site is opened via HTTPS, a warning is displayed regarding an expired certificate.

How do you renew this certificate?


Please note that installations of Plesk 7.x, 8.x, and 9.x are compatible with Offline Management of Virtual Automation Power Panel and connections to port 8443 can be served by services on the Hardware Node. If this is the case (the URL contains " /vz/cp/ "), follow the steps described in this Knowledgebase article: How do I install an SSL certificate for Power Panel or Virtual Automation Management Node? .

There are no special Plesk certificates provided by Odin. The default SSL certificate you used for Plesk is a self-signed certificate, which is generated once during your Plesk installation. The presence of this SSL certificate is required for SSL connections.

This is a default certificate shown in the server certificate repository at Server -> Certificates (for Plesk 7.5, 8.x) and at Settings -> SSL Certificates (for Plesk 9.x).

You can create your own self-signed certificate on the Certificates page, or purchase a real certificate from one of the certificate authorities.

To create a new self-signed SSL certificate, log into Plesk as an administrator, go to the Certificates page, and create the new certificate.

For Plesk version 7.x, 8.x:

Server -> Certificates -> Add New Certificate

For Plesk version 9.x:

Settings -> SSL Certificates -> Add SSL Certificate

For Plesk version 10.x:

Tools & Utilities -> SSL Certificates -> Add SSL Certificate

For Plesk version 11.x

Tools & Settings -> SSL Certificates -> Add SSL Certificate

For Plesk version 12.x

Tools & Settings -> SSL Certificates -> Add

Fill in the required preferences and click the button Self-Signed .

A new self-signed SSL certificate will be created in the server certificate repository:

# ls -la /usr/local/psa/admin/conf/httpsd.pem
-r-------- 1 root root 3089 Sep 23 12:50 /usr/local/psa/admin/conf/httpsd.pem

The old one will be renamed as httpsd.pem.sav

# ls -la /usr/local/psa/admin/conf/httpsd.pem.sav
-r-------- 1 root root 3046 Sep 5 01:23 /usr/local/psa/admin/conf/httpsd.pem.sav

To assign this SSL certificate for securing your Plesk installation, check the newly-enabled SSL certificate in the list and click on Secure the panel if you have Plesk 8.2 or later. In older Plesk versions, click Install .

You can also use HTTP mode to access the Plesk interface: navigate to http://hostname:8880 and follow the same instructions as above.

Renewal is also possible through SSH:

To assign SSL certificate for default Plesk IP address use the following command:

# /usr/local/psa/bin/certificate -ac "Certificate" -admin -ip <YOUR PLESK IP>

Note: should be changed to your valid domain name.

For additional information refer to


  1. Connect to the Plesk server under root

  2. Go to the certificate directory and rename it:

    # cd /usr/local/psa/admin/conf/
    # mv httpsd.pem{,.old}
  3. Create a new certificate with the same name:

    # openssl req -new -nodes -x509 -out httpsd.pem -newkey rsa:2048 -keyout httpsd.pem -days 3650

    Fill out all the required fields.

    In this case, a PEM type certificate will be created, valid for 10 years with a private part without a password and 2048 bit key length.

  4. Restart sw-cp-server:

    # service sw-cp-server restart

See the Plesk documentation for more information on how to set up self-signed certificates.

After you have created or uploaded a new certificate into Plesk and wish to use it for domains, you should set it for every IP you need.

This can be done at Server -> IP Addresses -> "Choose IP" by selecting the required certificate in the "SSL Certificate" drop-down menu.

NOTE: The browser will still warn you that the certificate is not from a trusted source since you created a self-signed certificate. In order to get rid of this warning, it is necessary to buy a certificate from an authorized certificate seller.

Have more questions? Submit a request
Please sign in to leave a comment.