Applicable to:
- Plesk for Linux
- Plesk for Windows
Question
How to secure a Plesk hostname on port 8443 with an SSL certificate (Let's Encrypt / other certificate authorities)?
Answer
-
Go to Tools & Settings > SSL/TLS Certificates (under Security).
-
Click Let's Encrypt.
-
Make sure the Domain name and Email address fields contain a valid information:
-
Domain name can be a server hostname (preferable) or any other (sub)domain name hosted on the server. It will be used as an entry point to Plesk over port 8443 (for example, https://server.example.com:8443 ) for all Plesk users (customers, resellers, etc.) who have access to Plesk.
Note: The hostname/domain name must be resolved to a public IP address of the Plesk server from the Internet. If in doubt, check your hostname/domain name availability using DNS Lookup by MxToolBox.
If a domain, e.g. example.com, is using permanent www redirection, specify www.example.com as Domain name. -
Email address will be used to receive important notifications and warnings.
-
-
Click Install. At this stage, an SSL certificate from Let’s Encrypt is generated and set to secure Plesk on port 8443. This certificate will be auto-renewed every 90 days. Here is the final look:
Now, access Plesk over https://server.example.com:8443.
-
-
In Plesk, go to Tools & Settings and click SSL/TLS Certificates.
-
On the SSL/TLS Certificates page, add your certificate:
Note: If you are experiencing issues with a certificate installation, contact your certificate seller and ask for instruction for Plesk.
-
If an SSL certificate is stored in a single
*.crt
file:Click Browse... to select a certificate file. Then click Upload Certificate.
-
If an SSL certificate is stored in the form of
*.key
and*.crt
files:Click Add under List of certificates in server pool and scroll down to the Upload the certificate files section and upload these files. If both the certificate and the private key parts of your certificate are contained in a
*.pem
file (you can check it by opening the*.pem
file in any text editor), just upload it twice, both as the private key and the certificate. Click Upload Certificate once finished.
-
If an SSL certificate is stored as a text:
Click Add under List of certificates in server pool and scroll down to the Upload the certificate as text section. There, paste the certificate and the private key parts into the corresponding fields. Click Upload Certificate when you have finished.
-
-
Click [Change] next to Certificate for securing Plesk > select an uploaded certificate > click OK. Now Plesk interface is secured with an SSL certificate.
Additional Information
Starting from Onyx 17.8, Plesk secures its hostname with a free Let's Encrypt certificate automatically, if the Let's Encrypt extension is installed and the hostname is a fully qualified domain name (FQDN) and is resolved from the Internet.
Comments
37 comments
I followed the instructions and got the Lets Encrypt to install and it works.
How can you create a redirect now so when you type server.example.com into the browser it sends it to the https://server.example.com automatically?
Hello Tony Hager
This instruction should help: https://support.plesk.com/hc/en-us/articles/115000327829
If you try to use a custom URL/domain to access the panel (https://docs.plesk.com/en-US/obsidian/deployment-guide/plesk-installation-and-upgrade-on-single-server/customizing-plesk-url.76455/), how do we need to set up Plesk so that the proper SSL certificate is provided? Right now, the general server name is server.example.com (which is used for mail access and panel access via https://server.example.com:8443), while I tried to set up a different subdomain (sub.anotherdomain.com) as Plesk URL.
If you do so, the server does not deliver the right certificate when trying to access https://sub.anotherdomain.com, no matter whether I set the hosting type of sub.anotherdomain (in one of the subscriptions) to webhosting or no hosting.
Hello b_p
To be on the same page, please let me know whether the certificate for sub.anotherdomain.com is selected at Tools & Settings > SSL/TLS Certificates > Certificate for securing Plesk? If not, please, select it.
Hi Ivan Postnikov my idea was that
a) the server remains accessible at https://server.example.com:8443 (this is the address all existing clients know and use and this is also the smtp host name for all incoming mails) and
b) will additionally be accessible at https://sub.anotherdomain.com (for new clients or those who update their bookmarks)
Given that the "normal" nginx (hosting all other sites and sub.anotherdomain.com) is used as well as the sw-cp-panel nginx (for direct access to port 8443, I'd assume that this should be possible except for having to choose two different certificates.
Can someone help pls I have port 8443 secured however I'm unable to secure open port 9001 which I need for my app to work can you please link me or provide solution how to ssl custom port 9001 please? Thank you
Hello
b_p
I see what you mean now. Yes, I believe that should be possible from a technical perspective. Feel free to submit a feature suggestion here.
Lisa Bond
Plesk doesn't support this custom scenario. Your App may be secured manually only.
Please sign in to leave a comment.