Applicable to:
- Plesk for Linux
- Plesk for Windows
Question
When Plesk or a Plesk website is opened via HTTPS, a warning regarding an expired certificate is displayed.
How to renew this certificate?
Answer
Plesk offers multiple ways of renewing and using SSL certificates.
-
Plesk has the SSL It! extension that allows using free SSL certificates for domains and their aliases. The extension is capable of self-renewing the certificates, so there is no need to worry about manual renewals.
More details on how to install and use free Let's Encrypt certificate for a domain can be found in this article. For Plesk itself here.Note: There is an exception here. If a wildcard certificate is used for a domain and DNS is not managed by Plesk, it will be required to update the certificate manually as per the article due to the limitations on the Let's Encrypt side.
-
In case a certificate is purchased from some certificate authority, for example, from Comodo and this certificate has expired, get in contact with the certificate issuer to obtain the renewed version of the certificate. After that, upload this new certificate for a domain as described here. For Plesk itself follow the steps from this article.
-
If a self-signed certificate is used, generate a new one and upload it as described in this guide.
Comments
6 comments
How can the default certificate being replaced by a Lets Encrypt certificate. I want to get rid from the default self-signed certificate but I can't. I've secured my Plesk panel with a subdomain with Let's Encrypt certificate. Can you please add an option to redirect from the https://<server ip> to a (sub)domain on the server which is al ready secured with a Lets Encrypt certificate? Then I can remove the default certificate from the server because it's not in used anymore and also the ssllabs test is much better without the self signed certificate which is included in the test as second (invalid) certificate.
Hi Pascal, check the section Tools & Settings > IP Addresses - select IP Address and make sure that the default cert is not selected there. You can choose the required one. Also check this https://support.plesk.com/hc/en-us/articles/115001452553-How-to-secure-Plesk-IP-address-with-Let-s-Encrypt-certificate-
The default certificate generated during installation has "Parallels Panel" as domain name. When adding a new self-signed certificate, Plesk will require a well-formed domain name, but entering that, will show a prominent warning in mail client of users that setup mailbox using mail.domain.tld as IMAP server.
Such warning is a red "Wrong site" warning, that is more prominent compared to the yellow warning shown when using the default certificate.
There would be a solution if only Plesk could generate multi-domain certificates (self-signed or Let's Encrypt).
@Marco
Hello!
Thank you for the notice.
The implementation of such functionality is currently under discussion be Development Team.
You may vote for this feature suggestion to show your interest in such functionality.
I have the problem that the Lets encrypt root certificate for Plesk expired and did not renew automatically. Triggering the license renewal works without any problems, but the expired certificate is only displayed in the email area.
I am at a loss, and I am getting more and more users who receive a certificate error when retrieving e-mails.
Has anyone ever had the problem or even a solution to it?
Best regards
Michael
Hello Michael Lieder
As I can see, this was resolved by technical support already.
Please sign in to leave a comment.