How to renew expired SSL certificate on Linux


2016-11-16 13:14:00 UTC


2017-08-18 12:39:51 UTC


Was this article helpful?

Have more questions?

Submit a request

How to renew expired SSL certificate on Linux

Applicable to:

  • Plesk for Linux
  • Plesk Onyx for Windows
  • Plesk 12.5 for Windows


When Plesk or another site is opened via HTTPS, a warning is displayed regarding an expired certificate.

How to renew this certificate?


There are no special certificates provided by Plesk. The default SSL certificate is used in Plesk is a self-signed one, which is generated once during the Plesk installation. The presence of this SSL certificate is required for SSL connections.

To create a new self-signed SSL certificate, log into Plesk as an administrator, go to the Certificates page, and create the new certificate: Tools & Settings -> SSL Certificates -> Add

Fill in the required preferences and click Self-Signed .

A new self-signed SSL certificate will be created in the server certificate repository:

# ls -la /usr/local/psa/admin/conf/httpsd.pem
-r-------- 1 root root 3089 Sep 23 12:50 /usr/local/psa/admin/conf/httpsd.pem

The old one will be renamed as httpsd.pem.sav

# ls -la /usr/local/psa/admin/conf/httpsd.pem.sav
-r-------- 1 root root 3046 Sep 5 01:23 /usr/local/psa/admin/conf/httpsd.pem.sav

To assign this SSL certificate for securing the Plesk installation, check the newly-enabled SSL certificate in the list and click Install .

HTTP mode can also be used to access the Plesk interface: navigate to http://hostname:8880 and follow the same instructions as above.

Renewal is also possible through SSH:

To assign SSL certificate for default Plesk IP address use the following command:

# /usr/local/psa/bin/certificate -ac "Certificate" -admin -ip <YOUR PLESK IP>

Note: should be changed to your valid domain name.

For additional information refer to


  1. Connect to the Plesk server under root

  2. Go to the certificate directory and rename it:

    # cd /usr/local/psa/admin/conf/
    # mv httpsd.pem{,.old}
  3. Create a new certificate with the same name:

    # openssl req -new -nodes -x509 -out httpsd.pem -newkey rsa:2048 -keyout httpsd.pem -days 3650

    Fill out all the required fields.

    In this case, a PEM type certificate will be created, valid for 10 years with a private part without a password and 2048 bit key length.

  4. Restart sw-cp-server service:

    # service sw-cp-server restart

See the Plesk documentation for more information on how to set up self-signed certificates.

After you have created or uploaded a new certificate into Plesk and wish to use it for domains, you should set it for every IP you need.

This can be done at Server > IP Addresses > "Choose IP" by selecting the required certificate in the "SSL Certificate" drop-down menu.

NOTE: The browser will still warn you that the certificate is not from a trusted source since you created a self-signed certificate. In order to get rid of this warning, it is necessary to buy a certificate from an authorized certificate seller.

Have more questions? Submit a request
Please sign in to leave a comment.