Applicable to:
- Plesk Onyx for Linux
- Plesk Onyx for Windows
- Plesk 12.5 for Linux
- Plesk 12.0 for Windows
- Plesk 12.5 for Windows
Question
How to install or renew SSL certificate for Plesk login page?
How to secure Plesk login page with SSL certificate?
Answer
After installation of SSL certificate, Plesk login page should be accessed by the same domain name that is specified in the certificate.
Example: for SSL certificate example.com Plesk URL should be https://example.com:8443. If different URL is typed in the web browser, it will mark such URL as insecure. Check the screenshot below for details (click on the screenshot to enlarge it):
Warning: Only Plesk Administrator is allowed to secure Plesk login page URL with SSL. If you do not have Plesk administrator access contact your server administrator.
Install free SSL certificate to Plesk login page using Let's Encrypt extension
Note: Plesk Onyx 17.8 secures hostname with SSL certificate automatically if it is FQDN and can be resolved.
Let's Encrypt allows securing Plesk URL starting from extension update 2.2.0. To install free SSL certificate provided by Let's Encrypt, follow this video guide:
Here are the detailed instructions:
- Login to Plesk.
- Install Let's Encrypt extension in Extensions menu if it is not installed.
- Go to Tools & Settings > SSL/TLS Certificates and click on Let's Encrypt button:
- Specify domain name that will be used for accessing Plesk. By default, it is a server's hostname:
Note: hostname should be resolved globally to the server IP (DNS record should exist). This may be checked using web checker (MXtoolbox: DNS lookup).
- Click Install button. If SSL was already installed for Plesk, Install button will be replaced with Renew.
- Clear web browser cache, then close the browser, start browser again and open Plesk login URL via domain name (e.g. https://example.com:8443) to see the changes.
Install paid SSL certificate from other certificate authorities to Plesk login page
To request a new SSL for Plesk hostname from other certificate authorities and upload it to Plesk for securing Plesk URL, follow steps below:
- Login to Plesk.
- Go to Tools & Settings > SSL/TLS Certificates > click Add button:
- Fill in the fields marked with the asterisk. Pay particular attention to the following fields:
- Certificate name. Give the certificate a recognizable name so you can tell it apart from other certificates in the server repository.
- Bits. The more bits, the more secure the certificate. We recommend using the default value (4096).
- Domain name. Make sure that the name in this field matches the server hostname specified in Tools & Settings > Server Settings.
- Click Request. Plesk will generate a private key and a certificate signing request and display them in under List of certificates in server pool section.
- Find the certificate under List of certificates in server pool section and click its name. This will open a page showing the certificate properties.
- Copy the whole content of the CSR section (including
-----BEGIN CERTIFICATE REQUEST----- and-----END CERTIFICATE REQUEST-----) to clipboard. - Visit the website of the certificate authority of your choice and start a certificate ordering procedure. When you are prompted for the CSR, paste the data from clipboard. The certificate authority will create an SSL/TLS certificate in accordance with the information you provided. When you receive your SSL/TLS certificate, save it on your local machine or network.
- Go to Tools & Settings > SSL/TLS Certificates, click Choose file under Upload the certificate here section, select the saved
.crtfile, and then click Upload Certificate. - To secure Plesk, click the [Change] link next to Certificate for securing Plesk section:
- Select the certificate that will be used for securing Plesk login URL from drop-down list:
- Сlick OK.
- Clear web browser cache, then close the browser, start browser again and open Plesk login page via domain name (e.g. https://example.com:8443) to see the changes.
Additional information
- How to log into Plesk interface with a password
- How to get/reset a Plesk Administrator password in Plesk for Linux
- How to retrieve/reset password of Plesk Administrator (admin) user in Plesk for Windows
- How to enable SSL support for all subscriptions on a Plesk server?
- How to install SSL certificate for a domain in Plesk?
- Securing Plesk and the Mail Server With SSL/TLS Certificates
- Let's Encrypt installation fails: Challenge marked as invalid
- Unable to renew LE certificate for domain: Let's Encrypt allows no more than 20 certificates to be issued per registered domain
Comments
17 comments
Hi there,
This should work, but when I activate "let's encrypt" the domain become un-accessable :)
Best,
Azzam
Hi @Azzam, please let me know the error.
this solution does not work when plesk admin login is installed on a subdomain, e.g.:
https://subdomain.example.com:8443how to solve it?
Hi, Harry!
After assigning a Let's Encrypt certificate to a subdomain just go to Tools & Settings > SSL/TLS Certificates
Find the option Certificate for securing Plesk and click on [Change] button right to it.
Choose the certificate assigned to subdomain and click OK.
Hi Artyom,
i can confirm it works.
looks like it is now also updated in this article.
thx!
It should automatically remove the "Default Certificate" and/or set the Let's Encrypt certificate as default.
The Let's Encrypt certificate should be automatically applied to mail too (and in such casem if hostname is changed, the certificate should be automtically reissued or at least a warning should be generated)
@Marco Marsala
Hello!
The feature that you have reported is yet to be implemented in Plesk, thus I can suggest you take part in our product improvement by referring to the following link: https://plesk.uservoice.com/forums/184549-feature-suggestions
The top-ranked suggestions are likely to be included in the next versions of Plesk.
Hello there;
I applied the existing SSL certificate and compared it to the following problem.
Firstly I am having a plesk update problem.
If this is causing the problem, the YUM update setup can not be done.
I have encountered this problem since I switched to https connection.
@Sait I don't think that the issue with YUM update is the consequence of securing Plesk with an SSL certificate. Can you provide more details of YUM update issue?
[root@sunucu yum.repos.d]# yum update -y
Setting up Update Process
https://autoinstall.plesk.com/PSA_17.5.3/extras-rpm-CentOS-6-x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 77 - "Problem with the SSL CA cert (path? access rights?)"
Trying other mirror.
https://autoinstall.plesk.com/NGINX17/dist-rpm-CentOS-6-x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 77 - "Problem with the SSL CA cert (path? access rights?)"
Trying other mirror.
https://autoinstall.plesk.com/PHP56_17/dist-rpm-CentOS-6-x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 77 - "Problem with the SSL CA cert (path? access rights?)"
Trying other mirror.
https://autoinstall.plesk.com/PHP70_17/dist-rpm-CentOS-6-x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 77 - "Problem with the SSL CA cert (path? access rights?)"
Trying other mirror.
https://autoinstall.plesk.com/PHP71_17/dist-rpm-CentOS-6-x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 77 - "Problem with the SSL CA cert (path? access rights?)"
Trying other mirror.
http://apt.sw.be/redhat/el6/en/x86_64/dag/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'apt.sw.be'"
Trying other mirror.
@Sait As I can see from the output you provided, it is trying to get plesk-engine package from apt.sw.be repo which is not resolvable. Try to disable the repo with apt.sw.be and initiate installation of updates again.
Can you tell me how I can keep it disabled? apt.sw.be repo ?
@Sait
To disable repository you need to find appropriate repo file and edit it:
1. Execute the following command to find the .repo file:
grep apt.sw.be /etc/yum.repos.d/
2. Open the file (i.e. some.repo) from the output in editor:
vi /etc/yum.repos.d/some.repo
3. Find the section with apt.sw.be in "baseurl". It will look like this:
[apt.sw.be]
name=apt.sw.be
baseurl=http://apt.sw.be/redhat/el6/en/x86_64/dag/
enabled=1
gpgcheck=0
4. Change "enabled" value to 0
@Amir Tal,
Hello! Just click the blue "Feedback" button on the right side of the page.
You will see the following pop-up window:
You may provide us with your idea regarding the article improvement there.
Hi I cant access this page
Hello @Pascu,
Thank you for noticing.
This article is currently under review. For now, this link will be hidden.
Please sign in to leave a comment.