How to secure a Plesk hostname on port 8443 with an SSL certificate (Let's Encrypt / other certificate authorities)

Follow

Comments

20 comments

  • Avatar
    Azzam Daaboul

    Hi there,

    This should work, but when I activate "let's encrypt" the domain become un-accessable :)

    Best,

    Azzam

    0
    Comment actions Permalink
  • Avatar
    Lev Iurev

    Hi @Azzam, please let me know the error.

    0
    Comment actions Permalink
  • Avatar
    Harry

    this solution does not work when plesk admin login is installed on a subdomain, e.g.: https://subdomain.example.com:8443

    how to solve it?

     

    0
    Comment actions Permalink
  • Avatar
    Artyom Baranov

    Hi, Harry!

    After assigning a Let's Encrypt certificate to a subdomain just go to Tools & Settings > SSL/TLS Certificates

    Find the option Certificate for securing Plesk and click on [Change] button right to it.

    Choose the certificate assigned to subdomain and click OK.

    1
    Comment actions Permalink
  • Avatar
    Harry

    Hi Artyom,

    i can confirm it works.

    looks like it is now also updated in this article.

     

    thx!

    0
    Comment actions Permalink
  • Avatar
    Marco Marsala (Edited )

    It should automatically remove the "Default Certificate" and/or set the Let's Encrypt certificate as default.

    The Let's Encrypt certificate should be automatically applied to mail too (and in such casem if hostname is changed, the certificate should be automtically reissued or at least a warning should be generated)

    0
    Comment actions Permalink
  • Avatar
    Artyom Baranov

    @Marco Marsala

    Hello!

    The feature that you have reported is yet to be implemented in Plesk, thus I can suggest you take part in our product improvement by referring to the following link: https://plesk.uservoice.com/forums/184549-feature-suggestions

    The top-ranked suggestions are likely to be included in the next versions of Plesk.

     

    0
    Comment actions Permalink
  • Avatar
    Sait Kurt

    Hello there;
    I applied the existing SSL certificate and compared it to the following problem.
    Firstly I am having a plesk update problem.
    If this is causing the problem, the YUM update setup can not be done.
    I have encountered this problem since I switched to https connection.

    0
    Comment actions Permalink
  • Avatar
    Bulat Tsydenov

    @Sait I don't think that the issue with YUM update is the consequence of securing Plesk with an SSL certificate. Can you provide more details of YUM update issue?

    1
    Comment actions Permalink
  • Avatar
    Sait Kurt

    [root@sunucu yum.repos.d]# yum update -y
    Setting up Update Process
    https://autoinstall.plesk.com/PSA_17.5.3/extras-rpm-CentOS-6-x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 77 - "Problem with the SSL CA cert (path? access rights?)"
    Trying other mirror.
    https://autoinstall.plesk.com/NGINX17/dist-rpm-CentOS-6-x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 77 - "Problem with the SSL CA cert (path? access rights?)"
    Trying other mirror.
    https://autoinstall.plesk.com/PHP56_17/dist-rpm-CentOS-6-x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 77 - "Problem with the SSL CA cert (path? access rights?)"
    Trying other mirror.
    https://autoinstall.plesk.com/PHP70_17/dist-rpm-CentOS-6-x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 77 - "Problem with the SSL CA cert (path? access rights?)"
    Trying other mirror.
    https://autoinstall.plesk.com/PHP71_17/dist-rpm-CentOS-6-x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 77 - "Problem with the SSL CA cert (path? access rights?)"
    Trying other mirror.
    http://apt.sw.be/redhat/el6/en/x86_64/dag/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'apt.sw.be'"
    Trying other mirror.

    0
    Comment actions Permalink
  • Avatar
    Bulat Tsydenov

    @Sait As I can see from the output you provided, it is trying to get plesk-engine package from apt.sw.be repo which is not resolvable. Try to disable the repo with apt.sw.be and initiate installation of updates again.

    1
    Comment actions Permalink
  • Avatar
    Sait Kurt

    Can you tell me how I can keep it disabled? apt.sw.be repo ?

    0
    Comment actions Permalink
  • Avatar
    Bato Tsydenov

    @Sait 

    To disable repository you need to find appropriate repo file and edit it:

    1. Execute the following command to find the .repo file:
    grep apt.sw.be /etc/yum.repos.d/

    2. Open the file (i.e. some.repo) from the output in editor:
    vi /etc/yum.repos.d/some.repo

    3. Find the section with apt.sw.be in "baseurl". It will look like this:

    [apt.sw.be]
    name=apt.sw.be
    baseurl=http://apt.sw.be/redhat/el6/en/x86_64/dag/
    enabled=1
    gpgcheck=0

    4. Change "enabled" value to 0

    0
    Comment actions Permalink
  • 0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello @Pascu,

    Thank you for noticing.

    This article is currently under review. For now, this link will be hidden.

    0
    Comment actions Permalink
  • Avatar
    Scott Saccenti

    Trying to follow procedure described above.

    I have a VPS with GoDaddy and the server hostname is in format: s12-345-678-90.secureserver.net
    When I click on the " + Let's Encrypt " button (step 4), it fills that hostname in for me as the "Domain Name", and asks for an email address as well (step 5). So I accept this default (but put in a proper email address) and click INSTALL (step 6).

    This is the error message:
    Could not issue a Let's Encrypt SSL/TLS certificate for s12-345-678-90.secureserver.net. Authorization for the domain failed.
    Detail: dns :: DNS problem: NXDOMAIN looking up A for s12-345-678-90.secureserver.net

    (I've substituted for the actual IP above of course, but that is the format)

    0
    Comment actions Permalink
  • Avatar
    Alisa Kasyanova

    @Scott Saccenti
    You need to make sure that s12-345-678-90.secureserver.net properly resolves to 12.345.678.90 (to your IP address). For example, use https://mxtoolbox.com/ to make sure that the hostname is resolving.
    If it is not, I recommend checking the GoDaddy documentation in order to find out how to make the hostname resolving.

    0
    Comment actions Permalink
  • Avatar
    Santiago Alejandro Gonzalez

    This worked like a charm.

     

    After assigning a Let's Encrypt certificate to a subdomain just go to Tools & Settings > SSL/TLS Certificates

    Find the option Certificate for securing Plesk and click on [Change] button right to it.

    Choose the certificate assigned to subdomain and click OK.

    1
    Comment actions Permalink
  • Avatar
    Salecroix Charly

    Hi there,

    I am currently experiencing a problem with SSL encryption Let's Encrypt for plesk hostname on the server.example.com subdomain on port 8443.I am using Plesk Obsidian on Debian 8.11 with shared IP.

    Indeed, the server.example.com subdomain is currently properly secured with a Let's Encrypt SSL certificate (port 443) but on port 8443 it is an old expired Let's Encrypt SSL certificate which is used.

    However on Tools & Settings > SSL/TLS Certificates I changed the "Certificate for securing Plesk" by specifying the certificate of the server.example.com subdomain. But this has no effect.

    How can I via CLI-linux delete the expired certificate for the admin subdomain "server.example.com" and indicate the valid certificate of the subdomain server.example.com? What is the specific path to the admin certificate?

    I executed the command:
    "plesk bin certificate --assign-cert" Lets Encrypt server.example.com"-admin server.example.com -ip 192.0.2.78" but I get the message: "Unknow option 'server.example.com' :".


    Thank you in advance for your help which is welcome

    0
    Comment actions Permalink
  • Avatar
    Ekaterina Babenko

    Hello,

    the provided steps seem to be correct. If after assigning certificate it is still does not applied, please submit request to support team and we will look closer:
    https://support.plesk.com/hc/en-us/articles/213608509-How-to-submit-a-request-to-Plesk-support-

    As for the command, the syntax is little bit different. To apply certificate via command line you may use steps from the following article:
    https://support.plesk.com/hc/en-us/articles/115000553793-How-to-secure-Plesk-and-mail-server-with-Let-s-Encrypt-certificate-via-CLI-

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request