Applicable to:
- Plesk for Linux
- Plesk Onyx for Windows
- Plesk 12.5 for Windows
Question
When Plesk or another site is opened via HTTPS, a warning is displayed regarding an expired certificate.
How to renew this certificate?
Answer
Plesk offers multiple ways of renewing and using SSL certificates. It has Let's Encrypt extension that allows using free SSL certificates for domain its aliases. Extension is capable of self-renewing the certificates, so you do not have to worry about manual renewals. See the following article to learn how to install and use Let's Encrypt certificates:
How to install SSL certificate for a domain in Plesk
In case you were using certificate purchased from some certificate center (for example from Comodo) and certificate expired, get in contact with certificate issuer and get the renewed version of the cert. After that, upload the certificate via Tools & Settings > SSL/TLS certificates (server level) or via example.com > SSL/TLS certificates (domain level).
If self-signed certificate is used, generate a new one using instructions from the following documentation: Securing Plesk and the Mail Server With a Self-Signed Certificate
Comments
4 comments
How can the default certificate being replaced by a Lets Encrypt certificate. I want to get rid from the default self-signed certificate but I can't. I've secured my Plesk panel with a subdomain with Let's Encrypt certificate. Can you please add an option to redirect from the https://<server ip> to a (sub)domain on the server which is al ready secured with a Lets Encrypt certificate? Then I can remove the default certificate from the server because it's not in used anymore and also the ssllabs test is much better without the self signed certificate which is included in the test as second (invalid) certificate.
Hi Pascal, check the section Tools & Settings > IP Addresses - select IP Address and make sure that the default cert is not selected there. You can choose the required one. Also check this https://support.plesk.com/hc/en-us/articles/115001452553-How-to-secure-Plesk-IP-address-with-Let-s-Encrypt-certificate-
The default certificate generated during installation has "Parallels Panel" as domain name. When adding a new self-signed certificate, Plesk will require a well-formed domain name, but entering that, will show a prominent warning in mail client of users that setup mailbox using mail.domain.tld as IMAP server.
Such warning is a red "Wrong site" warning, that is more prominent compared to the yellow warning shown when using the default certificate.
There would be a solution if only Plesk could generate multi-domain certificates (self-signed or Let's Encrypt).
@Marco
Hello!
Thank you for the notice.
The implementation of such functionality is currently under discussion be Development Team.
You may vote for this feature suggestion to show your interest in such functionality.
Please sign in to leave a comment.