Applicable to:
- Plesk for Linux
- Plesk for Windows
Question
How to install an SSL certificate for a domain in Plesk?
Answer
Note: Before securing a domain with a Let's Encrypt certificate, make sure the domain name is resolved to a public IP address of the Plesk server from the Internet. If in doubt, check your domain name availability using DNS Lookup by MxToolBox.
-
In Plesk, go to Extensions and search for Let's Encrypt.
-
Click on Let's Encrypt and then click "Get it free" (or "Install").
-
Go to Domains and select the domain you want to secure. Click Hosting Settings.
-
On the Hosting Settings page, make sure that SSL/TLS support is enabled.
-
Go back to domain's dashboard. Click Let's Encrypt.
-
Select required options. We recommend to select:
-
Include the "www" subdomain for the domain and each selected alias
-
Secure webmail on this domain (https://webmail.example.com)
Note: Email address will be used to receive important notifications and warnings.
-
-
Click Install. At this stage, an SSL certificate from Let’s Encrypt is generated and set to secure the domain. This certificate is valid for the next 90 days and will be auto-renewed by the Let's Encrypt extension.
To learn more about free SSL certificates, check the following Plesk Docs pages:
First of all, you should have a purchased SSL certificate for your website on hands. If you don't have a certificate, you can use a free certificate issued by Let's Encrypt (see instructions above).
Note: It is possible to use Plesk for generating CSR (Certificate Signing Request) for your certificate. For that, navigate to Domains > example.com > SSL Certificates, fill in the required fields and click Request. Such certificate will be Self-Signed and not valid for checks.
-
Go to Domains > example.com > SSL/TLS Certificates.
Note: If you are using the SSL It! extension, click Advanced Settings.
-
On the SSL/TLS Certificates page, add your certificate:
Note: If you are experiencing issues with a certificate installation, contact your certificate seller and ask for certificate installation instructions for Plesk.
-
If an SSL certificate is stored in a single
*.crtfile:Click Browse... to select a certificate file. Then click Upload Certificate.
-
If an SSL certificate is stored in the form of
*.keyand*.crtfiles:Click Add SSL/TLS Certificate and scroll down to the Upload the certificate files section and upload these files. If both the certificate and the private key parts of your certificate are contained in a
*.pemfile (you can check it by opening the*.pemfile in any text editor), just upload it twice, both as the private key and the certificate. Click Upload Certificate once finished.
-
If an SSL certificate is stored as a text:
Click Add SSL/TLS Certificate and scroll down to the Upload the certificate as text section. There, paste the certificate and the private key parts into the corresponding fields. Click Upload Certificate when you have finished.
-
-
Once the certificate is created, go to Domains > example.com > Hosting Settings and:
-
enable SSL support
-
select your created SSL certificate click OK
-
-
Open your website at https://example.com.
Note: In case of any issues, make sure that the certificate was properly selected.
Comments
27 comments
How do I upgrade a SSL Certificate to Intermediate or Chain?
I have a valid certificate, when i try to update it to intermediate it says incompatible key and certificate
Hello @Tanja,
The intermediate certificate is a separate type of certificates, which is used together with a server certificate. More information, for example, may be found here.
For obtaining required info regarding your certificate, please, contact corresponding certificate authority.
thank you, but i already have everything, i only need to add it into plesk somehow.
Do i just overwrite the certificate i already have there? Or do i add it under the old certificate?
Edit: i solved my problem now, it is really related to how to add the intermediate certificate when you already have a certificate
please! I need an additional walkthrough for the case
Hello @Tanja, Could you, please, clarify the question? As I can see from the reply, the issue is already resolved.
Could you please give more details about the scenario you are trying to apply?
This will allow to give you more precise answer.
Hello Ivan,
the problem is the change from installed SSL certificate which is accepted from almost every browser as secure except safari (and some other mobile exceptions) to the extended "intermediate" certificate.
So i had my URL running for a few month under the normal Commodo SSL certificate but then started to get complains from customers that some browsers still marked my url as unsecure. i contacted commodo about it and they gave me an intermediate certificate with a vage instruction to add it under the normal certificate in plesk..
i had 1 week struggle till i figured out they ment that literal AND that i had to redo it underplesk with the normal certificate top and the intermediate bottom.
i work for a small company and i m the technical support for everything here, a jack of all trades is a master of non so i (and probally other people) need that "how-to" in case i need to do that again in a few month and i forgot how to do it (or someone else like me totally new to that problem needs as well) so my request is if you can make a more detailled walk-though.
i would actually do that myself if you want (as long as i still know how) but i dont think i can?
Hello @Tanja, thank you for sharing the additional details.
> i would actually do that myself if you want (as long as i still know how) but i dont think i can?
Feel free to share detailed steps which helped you to achieve the goal.
Based on this information, this article will be updated or the new one will be created.
How do you install a Let's Encrypt certificate on a domain that is only hosting emails (no web hosting)? There is an option to select a certificate on the Mail Settings tab, but I don't see any place to actually setup the certificate.
Hello, @Scott S.
As Let's Encrypt require validation before certificate will be provided, and validation is performed by creating a .well-known folder in the document root, so domain should have a hosting to perform a validation. It is possible, however, try to trick the process via CLI, by specifying another document root for the validation:
# plesk bin extension --exec letsencrypt cli.php --help | grep webroot-path
--webroot-path|-w <string> Obtain certs by placing files in a webroot directory.
Check this one out for additional info: How to secure Plesk and mail server with Let's Encrypt certificate via CLI?
Hi,I just installed a custom SSL certificate using the Plesk administrative panel.
Also I set the right certificate in the IP setting and also restarted Apache
But when I look at the domain panel "Hosting setting" I see only the default certificate available.
Any tip
Hi @Webmaster!
Try uploading the cert via Domains > example.com > SSL/TLS certificates. After that, it should be available for the domain.
I can not install Let's Encrypt on my hosting at a virtual server. I receive this message:
Error: Could not issue to Let's Encrypt SSL / TLS certificate for [...]
Let's connect to the Let's Encrypt server https://acme-v01.api.letsencrypt.org.
Please try again later or report the issue to support.
Details
Could not obtain directory: cURL error 6: Could not resolve host: acme-v01.api.letsencrypt.org; Name or service not known (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)
@Cesare
There is a name resolution issue on your side. - "Could not resolve host: acme-v01.api.letsencrypt.org; Name or service not known"
Make sure that the "acme-v01.api.letsencrypt.org" could be resolved from your server.
@Robert Asilbekov
I solved by restarting the server.
hey, in my plesk i cannot see options for encrypt or secure your site, what shall i do?
I have ssl certificate ready with me.
Hello @Priyank,
What version of Plesk is used? Do you have access to Plesk as administrator?
Do you have SSL support activated at Domains > example.com > Hosting Settings?
i am using plesk 12.5.30 version.
In hosting setting it is asking to install the ssl certificate first, I have already uploaded the file in webroot directory as mentioned by the ssl team.
But i am not getting the option to upload the crt file.
Thanks for the prompt reply.
@Priyank,
> But i am not getting the option to upload the crt file.
This should be done at
Domains > example.com > SSL Certificates:
It should have but it isn't available.
I am stucked here since yesterday.
Does it take time to process because I have uploaded it yesterday ?
@Priyank S
The Domains > example.com > SSL Certificates option is missing under the domain, am I right? If so, please make sure that SNI is enabled on the server: https://support.plesk.com/hc/en-us/articles/213387749-Unable-to-install-a-certificate-for-a-domain-SSL-TLS-Certificates-option-is-missing
How do you close and open the website, after installing the certificate.
Hello @Andres,
> How do you close and open the website, after installing the certificate.
If redirection from HTTPS to HTTPS is enabled, to open the website you just need to type its domain name in the browser address bar. If such redirection in disabled, you will need to type "https://" before the domain name.
Could you explain what do you mean here by closing the website, do you mean closing it in a browser or something else?
Dear Ivan. I installed an SSL certificate, but in the browser bar it says is "not safe". I checked the certificated and is correctly installed. Reading this topic, in the beginning it says "Note: After the certificate installation, the website must be closed and opened again, otherwise if only the page is reloaded, the browser will continue showing certificate error." That's why I asked about closing the website.
Hello @Andres Santander!
>Reading this topic, in the beginning it says "Note: After the certificate installation, the website must be closed and opened again, otherwise if only the page is reloaded, the browser will continue showing certificate error."
This means the same that Ivan said - close browser tab/window in which a website opened, and then open it in a new browser tab/window.
>I installed an SSL certificate, but in the browser bar it says is "not safe".
Usually, this means that either old certificate is cached by the browser, or there are some elements on the website (pictures, CSS, JS etc.) which are downloaded over HTTP, not HTTPS (see the article for more information).
To check if it's a cache issue or not, open the website in the incognito browser window.
If the issue still persists, consider submitting a support request.
To secure mail exchange with mail.customerdomain.tld on a mail-only server with Plesk Obsidian, how to get Let´s Encrypt Certificate, when www.customerdomain.tld points to on another server? It seems to be impossible and the shiny new SNI feature of Obsidian simply does not work...
Hello @TRILOS!
To secure domain in Plesk panel it should be resolved to the server IP address.
As for the SNI feature not working correctly on your server, please check these articles:
https://support.plesk.com/hc/en-us/articles/213944545-How-to-activate-the-SNI-support-on-a-Plesk-server-
https://support.plesk.com/hc/en-us/articles/115001446174-How-to-secure-a-Plesk-mail-server-with-different-SSL-certificates-SNI-support-
If none of these solutions will work for you, please contact support using this article: https://support.plesk.com/hc/en-us/articles/213608509-How-to-submit-a-request-to-Plesk-support-
We are encouraged to investigate SNI issues, thus, every issue is valuable!
Hello Anna Morozyuk, www.customerdomain.tld and customerdomain.tld point to the webserver as they has to, but it´s about a mail-only Server, where mail.customerdomain.tld points to and has to be secured.
By the way, a Login to support.plesk.com ist not possible with Chrome and Firefox, only Internet Explorer works - and the browser does not allow to type the at-character and prevents inserting text from clipboard.
Hello @TRILOS,
As I understand the mail.customerdomain.tld is created as a domain with no hosting on mail-only server?
For this case, you may try to apply the steps from this article: https://support.plesk.com/hc/en-us/articles/360010008800
The functionality to secure domain with no hosting will be implemented in Plesk Obsidian further.
> By the way, a Login to support.plesk.com ist not possible with Chrome and Firefox, only Internet Explorer works - and the browser does not allow to type the at-character and prevents inserting text from clipboard.
Please, let me know the version of the browser's you've used. Screenshots will also be helpful. This behavior wasn't reproduced from my side or reported by other customers.
Please sign in to leave a comment.