Applicable to:
- Plesk for Windows
- Plesk for Linux
Question
How to install SSL certificate for a domain or subdomain in Plesk?
Answer
Note: The example in instruction is for Plesk Onyx. It is strongly recommended to have the latest Plesk version for access to all new features.
- Upgrade to the latest Plesk version is recommended. Let's Encrypt extension may not work on old versions.
- Go to Plesk > Extensions and Install the Let's Encrypt extension or make sure that it is installed in Plesk > Extensions > My Extensions. If SSL It! extension is also present in list of extensions, follow 'b' options of instruction.
- Make sure that SSL/TLS Support is enabled in Domains > example.com > Hosting Settings
- a) Go to Domains > example.com > Let's Encrypt where example.com is the name of the desired domain.
b) Go to Domains > example.com > SSL/TLS Certificates and expand Let's Encrypt, click on Select button.
- Specify the email address that will be used for urgent notices and lost key recovery. By default, the email address of the subscription owner is used.
- Specify if you want to include an alternative domain name for the domain and each selected alias, for example: www.example.com for example.com. We recommend that you select this check box.
- Specify if you want to include webmail, for example: webmail.example.com. We recommend selecting this checkbox.
- If there are domain aliases, select the ones that you want to include in the certificate.
- Click Install to get and install the Let's Encrypt certificate for the domain.
- Select a required certificate for a website in Domains > example.com > Hosting Settings and click OK.
Note: The certificate will be renewed automatically.
More information may be found in Plesk Documentation:
- Getting Free SSL/TLS Certificate from Let's Encrypt
- Getting Free Wildcard SSL/TLS Certificates from Let's Encrypt
Note: The path Plesk > Tools & Settings > SSL Certificates is designed to install certificates to secure Plesk server only and for Onyx versions, it allows you to secure your mail server too. It is not designed to be used by domain's certificates. Check official documentation here. If you don't have an access to some Plesk sections or they are missing, contact server's administrator or hosting provider's support, your Plesk account is limited.
First of all, you should have a purchased certificate for your website on hands. If you don't have a certificate, you can use a free certificate provided by Let's Encrypt extension (see instructions above).
Note: It is possible to use Plesk for generating CSR (Certificate Signing Request) for your certificate, for that navigate to Domains > example.com > SSL Certificates, fill in all fields with "*" and press "Request". Such certificate will be Self-Signed and not valid for checks.
-
Add certificate to a repository navigating to Plesk > Domains > example.com > SSL/TLS Certificates and select Add SSL/TLS Certificate
OR
Advanced Settings if that menu is not present
Type in the certificate name (you will use it to identify the certificate in the list of all certificates), then upload it as described below:
- If you store the certificate in the form of the
*.keyand the*.crtfiles, scroll down to the Upload the certificate files section and upload the files. If both the certificate and the private key parts of your certificate are contained in a*.pemfile (you can check it by opening the*.pemfile in any text editor), just upload it twice, both as the private key and the certificate. Click Upload Certificate when you have finished.
- If you store the certificate as text, scroll down to the Upload the certificate as text section and paste the certificate and the private key parts into the corresponding fields. Click Upload Certificate when you have finished.
- If you experience issues with certificate installation, contact the seller and ask instruction for Plesk.
- If you store the certificate in the form of the
-
Then, enable SSL support at Plesk > Domains > example.com > Hosting Settings
-
At the same page, select a required certificate for a website at Plesk > Domains > example.com > Hosting Settings and click OK
Note: In case of any issues, make sure that the certificate was properly selected.
Note: After the certificate installation, the website must be closed and opened again, otherwise if only the page is reloaded, the browser will continue showing certificate error.
Comments
23 comments
How do I upgrade a SSL Certificate to Intermediate or Chain?
I have a valid certificate, when i try to update it to intermediate it says incompatible key and certificate
Hello @Tanja,
The intermediate certificate is a separate type of certificates, which is used together with a server certificate. More information, for example, may be found here.
For obtaining required info regarding your certificate, please, contact corresponding certificate authority.
thank you, but i already have everything, i only need to add it into plesk somehow.
Do i just overwrite the certificate i already have there? Or do i add it under the old certificate?
Edit: i solved my problem now, it is really related to how to add the intermediate certificate when you already have a certificate
please! I need an additional walkthrough for the case
Hello @Tanja, Could you, please, clarify the question? As I can see from the reply, the issue is already resolved.
Could you please give more details about the scenario you are trying to apply?
This will allow to give you more precise answer.
Hello Ivan,
the problem is the change from installed SSL certificate which is accepted from almost every browser as secure except safari (and some other mobile exceptions) to the extended "intermediate" certificate.
So i had my URL running for a few month under the normal Commodo SSL certificate but then started to get complains from customers that some browsers still marked my url as unsecure. i contacted commodo about it and they gave me an intermediate certificate with a vage instruction to add it under the normal certificate in plesk..
i had 1 week struggle till i figured out they ment that literal AND that i had to redo it underplesk with the normal certificate top and the intermediate bottom.
i work for a small company and i m the technical support for everything here, a jack of all trades is a master of non so i (and probally other people) need that "how-to" in case i need to do that again in a few month and i forgot how to do it (or someone else like me totally new to that problem needs as well) so my request is if you can make a more detailled walk-though.
i would actually do that myself if you want (as long as i still know how) but i dont think i can?
Hello @Tanja, thank you for sharing the additional details.
> i would actually do that myself if you want (as long as i still know how) but i dont think i can?
Feel free to share detailed steps which helped you to achieve the goal.
Based on this information, this article will be updated or the new one will be created.
How do you install a Let's Encrypt certificate on a domain that is only hosting emails (no web hosting)? There is an option to select a certificate on the Mail Settings tab, but I don't see any place to actually setup the certificate.
Hello, @Scott S.
As Let's Encrypt require validation before certificate will be provided, and validation is performed by creating a .well-known folder in the document root, so domain should have a hosting to perform a validation. It is possible, however, try to trick the process via CLI, by specifying another document root for the validation:
# plesk bin extension --exec letsencrypt cli.php --help | grep webroot-path
--webroot-path|-w <string> Obtain certs by placing files in a webroot directory.
Check this one out for additional info: How to secure Plesk and mail server with Let's Encrypt certificate via CLI?
Hi,I just installed a custom SSL certificate using the Plesk administrative panel.
Also I set the right certificate in the IP setting and also restarted Apache
But when I look at the domain panel "Hosting setting" I see only the default certificate available.
Any tip
Hi @Webmaster!
Try uploading the cert via Domains > example.com > SSL/TLS certificates. After that, it should be available for the domain.
I can not install Let's Encrypt on my hosting at a virtual server. I receive this message:
Error: Could not issue to Let's Encrypt SSL / TLS certificate for [...]
Let's connect to the Let's Encrypt server https://acme-v01.api.letsencrypt.org.
Please try again later or report the issue to support.
Details
Could not obtain directory: cURL error 6: Could not resolve host: acme-v01.api.letsencrypt.org; Name or service not known (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)
@Cesare
There is a name resolution issue on your side. - "Could not resolve host: acme-v01.api.letsencrypt.org; Name or service not known"
Make sure that the "acme-v01.api.letsencrypt.org" could be resolved from your server.
@Robert Asilbekov
I solved by restarting the server.
hey, in my plesk i cannot see options for encrypt or secure your site, what shall i do?
I have ssl certificate ready with me.
Hello @Priyank,
What version of Plesk is used? Do you have access to Plesk as administrator?
Do you have SSL support activated at Domains > example.com > Hosting Settings?
i am using plesk 12.5.30 version.
In hosting setting it is asking to install the ssl certificate first, I have already uploaded the file in webroot directory as mentioned by the ssl team.
But i am not getting the option to upload the crt file.
Thanks for the prompt reply.
@Priyank,
> But i am not getting the option to upload the crt file.
This should be done at
Domains > example.com > SSL Certificates:
It should have but it isn't available.
I am stucked here since yesterday.
Does it take time to process because I have uploaded it yesterday ?
@Priyank S
The Domains > example.com > SSL Certificates option is missing under the domain, am I right? If so, please make sure that SNI is enabled on the server: https://support.plesk.com/hc/en-us/articles/213387749-Unable-to-install-a-certificate-for-a-domain-SSL-TLS-Certificates-option-is-missing
How do you close and open the website, after installing the certificate.
Hello @Andres,
> How do you close and open the website, after installing the certificate.
If redirection from HTTPS to HTTPS is enabled, to open the website you just need to type its domain name in the browser address bar. If such redirection in disabled, you will need to type "https://" before the domain name.
Could you explain what do you mean here by closing the website, do you mean closing it in a browser or something else?
Dear Ivan. I installed an SSL certificate, but in the browser bar it says is "not safe". I checked the certificated and is correctly installed. Reading this topic, in the beginning it says "Note: After the certificate installation, the website must be closed and opened again, otherwise if only the page is reloaded, the browser will continue showing certificate error." That's why I asked about closing the website.
Hello @Andres Santander!
>Reading this topic, in the beginning it says "Note: After the certificate installation, the website must be closed and opened again, otherwise if only the page is reloaded, the browser will continue showing certificate error."
This means the same that Ivan said - close browser tab/window in which a website opened, and then open it in a new browser tab/window.
>I installed an SSL certificate, but in the browser bar it says is "not safe".
Usually, this means that either old certificate is cached by the browser, or there are some elements on the website (pictures, CSS, JS etc.) which are downloaded over HTTP, not HTTPS (see the article for more information).
To check if it's a cache issue or not, open the website in the incognito browser window.
If the issue still persists, consider submitting a support request.
Please sign in to leave a comment.