Applicable to:
- Plesk
Question
When Plesk or another site is opened via HTTPS, a warning is displayed regarding an expired certificate.
How to renew this certificate?
Answer
Plesk offers multiple ways of renewing and using SSL certificates. It has Let's Encrypt extension that allows using free SSL certificates for domain and its aliases. The extension is capable of self-renewing the certificates, so there is no need to worry about manual renewals. See the following article to learn how to install and use Let's Encrypt certificates:
How to install SSL certificate for a domain in Plesk
In case the certificate is purchased from some certificate center (for example from Comodo) and the certificate expired, get in contact with the certificate issuer and get the renewed version of the cert. After that, upload the certificate via Plesk > Tools & Settings > SSL/TLS certificates (server level) or via example.com > SSL/TLS certificates (domain level).
If self-signed certificate is used, generate a new one using instructions from the following documentation: Securing Plesk and the Mail Server With a Self-Signed Certificate
Comments
6 comments
How can the default certificate being replaced by a Lets Encrypt certificate. I want to get rid from the default self-signed certificate but I can't. I've secured my Plesk panel with a subdomain with Let's Encrypt certificate. Can you please add an option to redirect from the https://<server ip> to a (sub)domain on the server which is al ready secured with a Lets Encrypt certificate? Then I can remove the default certificate from the server because it's not in used anymore and also the ssllabs test is much better without the self signed certificate which is included in the test as second (invalid) certificate.
Hi Pascal, check the section Tools & Settings > IP Addresses - select IP Address and make sure that the default cert is not selected there. You can choose the required one. Also check this https://support.plesk.com/hc/en-us/articles/115001452553-How-to-secure-Plesk-IP-address-with-Let-s-Encrypt-certificate-
The default certificate generated during installation has "Parallels Panel" as domain name. When adding a new self-signed certificate, Plesk will require a well-formed domain name, but entering that, will show a prominent warning in mail client of users that setup mailbox using mail.domain.tld as IMAP server.
Such warning is a red "Wrong site" warning, that is more prominent compared to the yellow warning shown when using the default certificate.
There would be a solution if only Plesk could generate multi-domain certificates (self-signed or Let's Encrypt).
@Marco
Hello!
Thank you for the notice.
The implementation of such functionality is currently under discussion be Development Team.
You may vote for this feature suggestion to show your interest in such functionality.
I have the problem that the Lets encrypt root certificate for Plesk expired and did not renew automatically. Triggering the license renewal works without any problems, but the expired certificate is only displayed in the email area.
I am at a loss, and I am getting more and more users who receive a certificate error when retrieving e-mails.
Has anyone ever had the problem or even a solution to it?
Best regards
Michael
Hello Michael Lieder
As I can see, this was resolved by technical support already.
Please sign in to leave a comment.