How to secure a Plesk hostname on port 8443 with an SSL certificate (Let's Encrypt / other certificate authorities)

Follow

Comments

37 comments

  • Avatar
    Bulat Tsydenov

    @Sait I don't think that the issue with YUM update is the consequence of securing Plesk with an SSL certificate. Can you provide more details of YUM update issue?

    1
    Comment actions Permalink
  • Avatar
    Santiago Alejandro Gonzalez

    This worked like a charm.

     

    After assigning a Let's Encrypt certificate to a subdomain just go to Tools & Settings > SSL/TLS Certificates

    Find the option Certificate for securing Plesk and click on [Change] button right to it.

    Choose the certificate assigned to subdomain and click OK.

    1
    Comment actions Permalink
  • Avatar
    Azzam Daaboul

    Hi there,

    This should work, but when I activate "let's encrypt" the domain become un-accessable :)

    Best,

    Azzam

    1
    Comment actions Permalink
  • Avatar
    Bulat Tsydenov

    @Sait As I can see from the output you provided, it is trying to get plesk-engine package from apt.sw.be repo which is not resolvable. Try to disable the repo with apt.sw.be and initiate installation of updates again.

    1
    Comment actions Permalink
  • Avatar
    Harry

    this solution does not work when plesk admin login is installed on a subdomain, e.g.: https://subdomain.example.com:8443

    how to solve it?

     

    1
    Comment actions Permalink
  • Avatar
    Ricardo Contente

    Hi everyone.

    I was having this same issue.

    After reading so many posts and possible solutions, I finally got to fix my problem.

    1. Created a subdomain for the plesk login "vps.xx.xx" and very important is to choose what kind of host service you want for that subdomain. Here you'll choose the "no hosting" option.

    2. Under Tools and Settings -> SSL/TLS Cert. click Let's Encrypt button and enter the subdomain you have created on step 1.

    3. Under Tools and Settings -> Customize Plesk URL select the middle option "The specified domain or subdomain that resolves to the server IP address but is not used for hosting" and enter the subdomain you created for this purpose on step 1.

    After this 3 steps you be able to simple enter your subdomain.domain.xx and voila.

    This worked for me.Just to mention I'm behind an ISP / NAS Router 

    1
    Comment actions Permalink
  • Avatar
    Artyom Baranov

    Hi, Harry!

    After assigning a Let's Encrypt certificate to a subdomain just go to Tools & Settings > SSL/TLS Certificates

    Find the option Certificate for securing Plesk and click on [Change] button right to it.

    Choose the certificate assigned to subdomain and click OK.

    1
    Comment actions Permalink
  • Avatar
    Salecroix Charly

    Hi there,

    I am currently experiencing a problem with SSL encryption Let's Encrypt for plesk hostname on the server.example.com subdomain on port 8443.I am using Plesk Obsidian on Debian 8.11 with shared IP.

    Indeed, the server.example.com subdomain is currently properly secured with a Let's Encrypt SSL certificate (port 443) but on port 8443 it is an old expired Let's Encrypt SSL certificate which is used.

    However on Tools & Settings > SSL/TLS Certificates I changed the "Certificate for securing Plesk" by specifying the certificate of the server.example.com subdomain. But this has no effect.

    How can I via CLI-linux delete the expired certificate for the admin subdomain "server.example.com" and indicate the valid certificate of the subdomain server.example.com? What is the specific path to the admin certificate?

    I executed the command:
    "plesk bin certificate --assign-cert" Lets Encrypt server.example.com"-admin server.example.com -ip 192.0.2.78" but I get the message: "Unknow option 'server.example.com' :".


    Thank you in advance for your help which is welcome

    1
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello Chris Collins

    Thank you for the information.

    In that case, deeper investigation is required, consider submitting a request for Plesk support to us directly or to our partner, depending on from who Plesk license was purchased.

    0
    Comment actions Permalink
  • Avatar
    Sait Kurt

    [root@sunucu yum.repos.d]# yum update -y
    Setting up Update Process
    https://autoinstall.plesk.com/PSA_17.5.3/extras-rpm-CentOS-6-x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 77 - "Problem with the SSL CA cert (path? access rights?)"
    Trying other mirror.
    https://autoinstall.plesk.com/NGINX17/dist-rpm-CentOS-6-x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 77 - "Problem with the SSL CA cert (path? access rights?)"
    Trying other mirror.
    https://autoinstall.plesk.com/PHP56_17/dist-rpm-CentOS-6-x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 77 - "Problem with the SSL CA cert (path? access rights?)"
    Trying other mirror.
    https://autoinstall.plesk.com/PHP70_17/dist-rpm-CentOS-6-x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 77 - "Problem with the SSL CA cert (path? access rights?)"
    Trying other mirror.
    https://autoinstall.plesk.com/PHP71_17/dist-rpm-CentOS-6-x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 77 - "Problem with the SSL CA cert (path? access rights?)"
    Trying other mirror.
    http://apt.sw.be/redhat/el6/en/x86_64/dag/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'apt.sw.be'"
    Trying other mirror.

    0
    Comment actions Permalink
  • 0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello 

    B Pfleging

    I see what you mean now. Yes, I believe that should be possible from a technical perspective. Feel free to submit a feature suggestion here.

    Lisa Bond

    Plesk doesn't support this custom scenario. Your App may be secured manually only.

    0
    Comment actions Permalink
  • Avatar
    Lev Iurev

    Hi @Azzam, please let me know the error.

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello Ricardo Contente

    Thank you for sharing. It may be useful for other Pleskians.

    0
    Comment actions Permalink
  • Avatar
    Sait Kurt

    Can you tell me how I can keep it disabled? apt.sw.be repo ?

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello @Norbert Hams

    Here's how extension may be installed manually: https://docs.plesk.com/en-US/onyx/extensions-guide/plesk-extensions-basics/distributing-extensions.78770/#downloadable-file

    I can also recommend a newer extension which is just called "Advisor".

     

     

    0
    Comment actions Permalink
  • Avatar
    B Pfleging

    If you try to use a custom URL/domain to access the panel (https://docs.plesk.com/en-US/obsidian/deployment-guide/plesk-installation-and-upgrade-on-single-server/customizing-plesk-url.76455/), how do we need to set up Plesk so that the proper SSL certificate is provided? Right now, the general server name is server.example.com (which is used for mail access and panel access via https://server.example.com:8443), while I tried to set up a different subdomain (sub.anotherdomain.com) as Plesk URL.

    If you do so, the server does not deliver the right certificate when trying to access https://sub.anotherdomain.com, no matter whether I set the hosting type of sub.anotherdomain (in one of the subscriptions) to webhosting or no hosting.

    0
    Comment actions Permalink
  • Avatar
    Ekaterina Babenko

    Hello,

    the provided steps seem to be correct. If after assigning certificate it is still does not applied, please submit request to support team and we will look closer:
    https://support.plesk.com/hc/en-us/articles/213608509-How-to-submit-a-request-to-Plesk-support-

    As for the command, the syntax is little bit different. To apply certificate via command line you may use steps from the following article:
    https://support.plesk.com/hc/en-us/articles/115000553793-How-to-secure-Plesk-and-mail-server-with-Let-s-Encrypt-certificate-via-CLI-

    0
    Comment actions Permalink
  • Avatar
    Bato Tsydenov

    @Sait 

    To disable repository you need to find appropriate repo file and edit it:

    1. Execute the following command to find the .repo file:
    grep apt.sw.be /etc/yum.repos.d/

    2. Open the file (i.e. some.repo) from the output in editor:
    vi /etc/yum.repos.d/some.repo

    3. Find the section with apt.sw.be in "baseurl". It will look like this:

    [apt.sw.be]
    name=apt.sw.be
    baseurl=http://apt.sw.be/redhat/el6/en/x86_64/dag/
    enabled=1
    gpgcheck=0

    4. Change "enabled" value to 0

    0
    Comment actions Permalink
  • Avatar
    Lisa Bond

    Can someone help pls I have port 8443 secured however I'm unable to secure open port 9001 which I need for my app to work can you please link me or provide solution how to ssl custom port 9001 please? Thank you

    0
    Comment actions Permalink
  • Avatar
    Tony Hager

    I followed the instructions and got the Lets Encrypt to install and it works.

    How can you create a redirect now so when you type server.example.com into the browser it sends it to the https://server.example.com automatically?

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello Tony Hager

    This instruction should help: https://support.plesk.com/hc/en-us/articles/115000327829

    0
    Comment actions Permalink
  • Avatar
    Chris Collins

    Yep that's how I fixed it too. 

    I've got 6 different servers with Plesk on, and one by one the SSL protecting the panel expired, even though it used the updated version of the SSL when not accessing it via port 8443. 

    The only solution was to add a new subdomain for every server, and to use the new "customize plesk URL" setting 

    I don't know if there's a deeper issue at play with the other ones all expiring, but this is a decent work around - and nicer than adding :8443 to log in.

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello B Pfleging

    To be on the same page, please let me know whether the certificate for sub.anotherdomain.com is selected at Tools & Settings > SSL/TLS Certificates > Certificate for securing Plesk? If not, please, select it.

    0
    Comment actions Permalink
  • Avatar
    Chris Collins

    I am also now experiencing the same issue. 

    The domain e.g. mydomain.com is secured with the new certificate, but accessing mydomain.com:8443 uses an old expired certificate and shows the SSL browser warning.

    How can i force it to use the new one?

    0
    Comment actions Permalink
  • Avatar
    B Pfleging (Edited )

    Hi Ivan Postnikov my idea was that

    a) the server remains accessible at https://server.example.com:8443 (this is the address all existing clients know and use and this is also the smtp host name for all incoming mails) and

    b) will additionally be accessible at https://sub.anotherdomain.com (for new clients or those who update their bookmarks)

    Given that the "normal" nginx (hosting all other sites and sub.anotherdomain.com) is used as well as the sw-cp-panel nginx (for direct access to port 8443, I'd assume that this should be possible except for having to choose two different certificates.

    0
    Comment actions Permalink
  • Avatar
    Artyom Baranov

    @Marco Marsala

    Hello!

    The feature that you have reported is yet to be implemented in Plesk, thus I can suggest you take part in our product improvement by referring to the following link: https://plesk.uservoice.com/forums/184549-feature-suggestions

    The top-ranked suggestions are likely to be included in the next versions of Plesk.

     

    0
    Comment actions Permalink
  • Avatar
    Sait Kurt

    Hello there;
    I applied the existing SSL certificate and compared it to the following problem.
    Firstly I am having a plesk update problem.
    If this is causing the problem, the YUM update setup can not be done.
    I have encountered this problem since I switched to https connection.

    0
    Comment actions Permalink
  • Avatar
    Julian Bonpland Mignaquy

    Hi Chris Collins, there could be many reasons why this happened. You may take a look here https://support.plesk.com/hc/en-us/search?utf8=%E2%9C%93&query=old+certificate or open a support ticket with us so we can troubleshoot: https://support.plesk.com/hc/en-us/articles/213608509-How-to-submit-a-request-to-Plesk-support-

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request