Articles in this section

See more

How to secure a Plesk hostname on port 8443 with an SSL certificate (Let's Encrypt / other certificate authorities)

Avatar
Kuzma Ivanov
Updated
Follow
Plesk for Windows Plesk for Linux kb: auxiliary ext: le ABT: Group A

Applicable to:

  • Plesk for Linux
  • Plesk for Windows

Question

How to secure a Plesk hostname on port 8443 with an SSL certificate (Let's Encrypt / other certificate authorities)?

Answer

 

Securing Plesk interface with a free Let's Encrypt certificate (Plesk Onyx and Obsidian)

 

  1. Log in to Plesk.

  2. Go to Tools & Settings > SSL/TLS Certificates (under Security).


    Screenshot_2019-03-26_Tools_Settings_-_Plesk_Onyx_17_8_11.png

  3. Click Let's Encrypt.


    Screenshot_2019-03-26_SSL_TLS_Certificates_-_Plesk_Onyx_17_8_11.png

  4. Make sure the Domain name and Email address fields contain a valid information:

    • Domain name can be a server hostname (preferable) or any other (sub)domain name hosted on the server. It will be used as an entry point to Plesk over port 8443 (for example, https://server.example.com:8443 ) for all Plesk users (customers, resellers, etc.) who have access to Plesk.

      Note: The hostname/domain name must be resolved to a public IP address of the Plesk server from the Internet. If in doubt, check your hostname/domain name availability using DNS Lookup by MxToolBox.

      If a domain, e.g. example.com, is using permanent www redirection, specify www.example.com as Domain name.

    • Email address will be used to receive important notifications and warnings.


    Screenshot_2019-03-26_Secure_Plesk_With_a_Let_s_Encrypt_Certificate_-_Plesk_Onyx_17_8_11.png

  5. Click Install. At this stage, an SSL certificate from Let’s Encrypt is generated and set to secure Plesk on port 8443. This certificate will be auto-renewed every 90 days. Here is the final look:


    Screenshot_2019-03-26_SSL_TLS_Certificates_-_Plesk_Onyx_17_8_11_1___1_.png

    Now, access Plesk over https://server.example.com:8443.

 

Securing Plesk interface with an SSL certificate from other certificate authorities

 

  1. Log in to Plesk.

     

  2. In Plesk, go to Tools & Settings and click SSL/TLS Certificates.


    Screenshot_2019-03-26_Tools_Settings_-_Plesk_Onyx_17_8_11.png

  3. On the SSL/TLS Certificates page, add your certificate:

    Note: If you are experiencing issues with a certificate installation, contact your certificate seller and ask for instruction for Plesk.

    • If an SSL certificate is stored in a single *.crt file:

      Click Browse... to select a certificate file. Then click Upload Certificate.


      Screenshot_2019-01-21_SSL_TLS_Certificates_-_Plesk_Onyx_17_8_11_1_.png

    • If an SSL certificate is stored in the form of *.key and *.crt files:

      Click Add under List of certificates in server pool and scroll down to the Upload the certificate files section and upload these files. If both the certificate and the private key parts of your certificate are contained in a *.pem file (you can check it by opening the *.pem file in any text editor), just upload it twice, both as the private key and the certificate. Click Upload Certificate once finished.


      Screenshot_2019-03-26_Add_SSL_TLS_Certificate_-_Plesk_Onyx_17_8_11.png

    • If an SSL certificate is stored as a text:

      Click Add under List of certificates in server pool and scroll down to the Upload the certificate as text section. There, paste the certificate and the private key parts into the corresponding fields. Click Upload Certificate when you have finished.


      certtext.PNG

  4. Click [Change] next to Certificate for securing Plesk > select an uploaded certificate > click OK. Now Plesk interface is secured with an SSL certificate.


    Screenshot_2019-03-26_SSL_TLS_Certificates_-_Plesk_Onyx_17_8_11_1___1_.png

 

Additional Information

Starting from Onyx 17.8, Plesk secures its hostname with a free Let's Encrypt certificate automatically, if the Let's Encrypt extension is installed and the hostname is a fully qualified domain name (FQDN) and is resolved from the Internet.

Comments

37 comments

Sort by Date Votes
  • Avatar
    Tony Hager

    I followed the instructions and got the Lets Encrypt to install and it works.

    How can you create a redirect now so when you type server.example.com into the browser it sends it to the https://server.example.com automatically?

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello Tony Hager

    This instruction should help: https://support.plesk.com/hc/en-us/articles/115000327829

    0
    Comment actions Permalink
  • Avatar
    b_p

    If you try to use a custom URL/domain to access the panel (https://docs.plesk.com/en-US/obsidian/deployment-guide/plesk-installation-and-upgrade-on-single-server/customizing-plesk-url.76455/), how do we need to set up Plesk so that the proper SSL certificate is provided? Right now, the general server name is server.example.com (which is used for mail access and panel access via https://server.example.com:8443), while I tried to set up a different subdomain (sub.anotherdomain.com) as Plesk URL.

    If you do so, the server does not deliver the right certificate when trying to access https://sub.anotherdomain.com, no matter whether I set the hosting type of sub.anotherdomain (in one of the subscriptions) to webhosting or no hosting.

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello b_p

    To be on the same page, please let me know whether the certificate for sub.anotherdomain.com is selected at Tools & Settings > SSL/TLS Certificates > Certificate for securing Plesk? If not, please, select it.

    0
    Comment actions Permalink
  • Avatar
    b_p (Edited )

    Hi Ivan Postnikov my idea was that

    a) the server remains accessible at https://server.example.com:8443 (this is the address all existing clients know and use and this is also the smtp host name for all incoming mails) and

    b) will additionally be accessible at https://sub.anotherdomain.com (for new clients or those who update their bookmarks)

    Given that the "normal" nginx (hosting all other sites and sub.anotherdomain.com) is used as well as the sw-cp-panel nginx (for direct access to port 8443, I'd assume that this should be possible except for having to choose two different certificates.

    0
    Comment actions Permalink
  • Avatar
    Lisa Bond

    Can someone help pls I have port 8443 secured however I'm unable to secure open port 9001 which I need for my app to work can you please link me or provide solution how to ssl custom port 9001 please? Thank you

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello 

    b_p

    I see what you mean now. Yes, I believe that should be possible from a technical perspective. Feel free to submit a feature suggestion here.

    Lisa Bond

    Plesk doesn't support this custom scenario. Your App may be secured manually only.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles