Important Facts About and How to Upgrade to Plesk Onyx
Ensure your Plesk SUS or Software Update Service is active.
Check your Plesk version (see how).
For Plesk 11.0.9 or later, click here for upgrade instructions.
For Plesk 10 or earlier, please consider migrating instead.
See the flowchart below to see if you can upgrade your Plesk server to Plesk Onyx 17.8:
Need help? Our technical support team is happy to help!
- You can upgrade to Plesk Onyx from Plesk 11.0.9 or later. If you have an earlier Plesk version, please consider migrating instead.
- If you have been using Plesk Onyx preview builds prior to the official release (October 11), we strongly recommend to either re-install Plesk or to install Plesk on a different server and migrate the data there if necessary. Though it is possible to upgrade to the Plesk Onyx release version from a preview build, we strongly recommend not to run preview builds in production.
- Plesk Onyx supports recovery from backups created in Plesk 11.x or later. If you have a backup created in Plesk 9.x or 10.x, please consider migrating from the original server.
- Support for Ubuntu 12.04 discontinues in Plesk 17.5. If your Plesk installation is working on an Ubuntu 12.04 system, please consider migrating instead.
- During an upgrade all installed extensions will also be upgraded to the latest versions.
- On Plesk 17.0 all installed extensions will be upgraded to latest versions within 3 days since March 23, 2017.
- Starting with Plesk Onyx 17.8, we retire the Security Advisor extension and replace it with the Advisor extension. We designed it from the ground up as the logical next step in Security Advisor’s evolution. Where Security Advisor merely pointed out potential security issues, the new extension gives you tips about best practices regarding performance, SEO, and more. In addition, Advisor automatically rates your server, giving you a useful metric that helps you understand how far is your server from the perfect condition. Note: The Security Advisor extension is no longer supported in Plesk Onyx 17.8 and later. If you have Security Advisor installed on a server with Plesk Onyx 17.5 or earlier, it is automatically replaced with Advisor when you upgrade to Plesk Onyx 17.8.
- For the time being, Plesk Onyx 17.8 is not compatible with the Plesk Multi Server extension. This means two things:
- You cannot use Plesk Onyx 17.8 servers as either management or service nodes in a Plesk Multi Server environment. You can only use Plesk Multi Server with Plesk Onyx 17.0 and 17.5.
- If your Plesk server acts as a management or service node in a Plesk Multi Server environment, you cannot upgrade it to Plesk Onyx 17.8. The reason behind this change is that we have significantly reworked and improved Plesk XML API in Plesk Onyx 17.8, which made it no longer compatible with Plesk Multi Server. We will decide whether to make Plesk Onyx 17.8 compatible with Plesk Multi Server after the Plesk Onyx 17.8 RTM release.
- Starting with Plesk Onyx 17.8, we begin marking PHP 5.2, 5.3, 5.4, and 5.5 as outdated in the Plesk interface. These PHP versions have been EOL’ed by the vendor a long time ago but are still used in Plesk. Using outdated PHP versions is unsafe, and we encourage you to switch to PHP 5.6 or later to keep your server safe and secure.
- Starting with Plesk Onyx, WordPress Toolkit is a Plesk Extension. This change will not impact your user experience. WordPress Toolkit can still be installed as a component via Plesk Installer and it is also a part of the “Recommended” Plesk installation. The licensing terms are unchanged.
plesk bin admin --show-passwordhas been deprecated for security reasons, and will no longer be supported starting with Plesk Onyx. Instead, please use the
plesk loginutility to retrieve the Plesk login credentials via the command line.
- The DomainKeys feature was replaced with the DKIM feature that fully substitutes its functionality. After upgrading to Plesk Onyx, DKIM will be automatically enabled on all domains with DomainKeys enabled. On Linux, DKIM will continue using the RSA key pair originally issued for DomainKeys. On Windows, a new RSA key pair will be generated for DKIM during the upgrade.
- Starting with Plesk Onyx, whenever a customer is removed, all associated backups in the Plesk repository are removed as well.
- New Git extension of Plesk Onyx transparently replaces the previous Gitman extension during upgrade to Plesk Onyx. The old Gitman extension won’t be available for Plesk Onyx, as the new Git extension fully replaces it.
- Please use the new Plesk Migrator extension even if the old Plesk Migration Manager (also known as PMM) is installed on your server. The new Plesk Migrator can be installed via Plesk Installer.
- Changes were made to prevent the CVE-2015-8994 vulnerability in PHP 5.5, 5.6, 7.0, and 7.1. For details, see the release notes.
- Autoinstaller now adds the Plesk Extras repository to the list of registered
aptrepositories, so, starting with Plesk Onyx, third-party and extra packages can be updated via
- EZ Templates Repository is no longer registered by default starting with Plesk Onyx. See the knowledge base for the instructions how to register the repository.
- The set of available EZ Templates was slightly changed:
cf-supporttemplate was removed (the ColdFusion component has not been supported starting with Plesk 12.5)
- new templates were introduced:
docker- Docker Plesk extension
git- Git Plesk extension
nodejs- NodeJS Plesk extension
php70- PHP 7.0
resource-controller- System Resource Usage Limits feature
ruby- Ruby Plesk extension
letsencrypt- Let’s Encrypt Plesk extension
- Major version EZ templates will switch to Plesk Onyx 17.5 by March 23, 2017.
- Version-free EZ templates will switch to Plesk Onyx 17.5 by the date of general availability (GA) release.
websrvmngutilities were moved from the
admin\binfolder into the
- Starting with Plesk Onyx, the following IIS role services will no longer be installed by Plesk:
- IIS Metabase and IIS 6 configuration compatibility
- IIS 6 WMI Compatibility
- IIS 6 Scripting Tools
If you need these components for scripts, please install them manually.
- IIS w3svc logs were moved from the
\logsfolder to the
\logsfolder is now writable by the system user and the IIS pool user.
- Starting with Plesk Onyx 17.5, PHP 5.3, 5.4, and 5.5 are removed from the Typical (Recommended) installation. You can still install these versions manually.
Starting with Plesk Onyx 17.8, we are removing the option to upload and install license files via the Plesk GUI. If you want to activate Plesk licenses via the Plesk GUI, you can use activation keys instead. You can still upload and install license files via the command line, so any scripts or other automation tools using Plesk CLI to manage Plesk license will continue to work as if nothing has happened.
Note: If you absolutely must have the ability to upload and install license files via the Plesk GUI in Plesk Onyx 17.8, you can enable it by adding the following lines to the panel.ini configuration file:
fileUpload = true
- Starting with Plesk Onyx 17.8, Plesk no longer supports Virtuozzo EZ templates. The reason behind this change is that we adopted an embedded deduplication mechanism that made EZ templates redundant by providing the same RAM and disk space savings EZ templates were popular for. If you use EZ Templates to install or update Plesk, we recommend to install and update Plesk using Plesk Autoinstaller. Read more about the available Plesk Onyx 17.8 installation options:
- Starting with Plesk Onyx 17.8, you can no longer upgrade to the latest Plesk version if your server is running Plesk 11.x or earlier. We did it because Plesk 11.0 and 11.5 have reached End-of-life on December 13, 2016, and their usage among the Plesk users has been steadily declining. If you are running Plesk 11.x and wish to upgrade it to Plesk Onyx 17.8, you can choose from two options:
- Migrate your Plesk 11.x instance to Plesk Onyx 17.8 using Plesk Migrator.
- Upgrade to Plesk 17.5, and then update your Plesk 17.5 instance to Plesk Onyx 17.8.
For a better idea about possible upgrade path from Plesk 11.x to Plesk Onyx 17.8, refer to the table below:
- Starting with Plesk Onyx 17.8, we no longer support mod_php, mod_python, and mod_perl. Although just a few years ago these modules were popular and widely used, they have since been deprecated and their use is not recommended. In addition, they present security risks for the following reasons:
- File security. mod_php, mod_perl, and mod_python run under the identity of Apache. Scripts executed by these engines can access anything the server user can, including files containing confidential personal data owned by a different domain.
- Security of database connections. DBI connections of other users can be hijacked. Since all users can read each other’s code, database usernames and passwords could be exposed to every user.
- Potential system compromise. Security issues in the Apache code can lead to the whole server being compromised.
We strongly advise against using these modules on production servers. If you are updating to Plesk Onyx 17.8 from an earlier Plesk version and you have these modules installed, they will still be available and manageable until you switch to a different, recommended, module, like mod_fcgid. To switch to a different engine, you need to do the following:
- Update your websites to use some other engine, like FastCGI, in PHP settings.
- Disable mod_php, mod_perl, and mod_python in “Tools&Settings” > “Apache Web Server” > “Apache modules”.
- Starting with Plesk Onyx 17.8, we no longer support Debian 7, for the following reasons:
- This OS is outdated, with regular vendor support for “Wheezy” having ended in April 2016 and long-term-support provided by volunteers ending on May 31, 2018.
- The number of Debian 7 servers running Plesk is very low.
If you are running Plesk on Debian 7, we recommend either migrating to a different OS using Plesk Migrator or running distupgrade to upgrade your Debian 7 instance (with the ability to upgrade from Debian 8 to Debian 9 in future).
Starting with Plesk Onyx 17.8, we will drop support for Tomcat. The Tomcat implementation in Plesk leaves a lot to be desired, but the low demand for this feature made investing in it impractical. Tomcat usage among Plesk users has been steadily declining over the years, and our data does not show any evidence that this trend is going to change. Plesk Onyx 17.5 and earlier will continue to fully support Tomcat until their EOL date.
If you are using Tomcat on your Plesk server, it will remain operational after you upgrade to Plesk Onyx 17.8, but will no longer be able to configure and manage it. Java Tomcat applications will be available via 9080 port only and will not be available via http/https. To continue using Tomcat in Plesk Onyx 17.8, you can develop your own Tomcat extension using the Plesk Extensions SDK. You can also completely remove Tomcat from your server.
- Starting with Plesk Onyx 17.5, Ubuntu 12.04 is no longer supported. If you are running Plesk on this OS and want to upgrade to the latest Plesk Onyx release, consider migrating to a Plesk server running a supported OS. You can also perform the dist-upgrade procedure to upgrade to Ubuntu 14.04 which Plesk Onyx 17.5 supports.
- Starting with Plesk Onyx 17.0, IE 9 and IE 10 are not supported. Please consider using more modern browsers.
- Customer and Business Manager (CBM) was removed from Plesk Onyx distribution and is no longer supported by Plesk because it is now owned, maintained, and supported by Odin (subsidiary of Ingram Micro). If you were using CBM, we recommend to uninstall it before upgrading to Plesk Onyx and to switch to a different billing and provisioning system.
- Virtuozzo application templates on Windows are no longer supported due to extremely low use. If you were using them to install Plesk, we recommend installing and upgrading Plesk using Plesk Installer.
- 32-bit operating systems are not supported by Plesk Onyx due to lack of popularity and reduced efficiency. If you are using a 32-bit operating system to run Plesk, we recommend migrating your Plesk installation to a Plesk Onyx server running the 64-bit version of the same distribution.
- CentOS 5 / Red Hat Enterprise Linux 5 / CloudLinux 5 are no longer supported because these operating systems are not popular among Plesk users and will soon become obsolete and unsupported. If you are using one of these operating systems to run Plesk, we recommend migrating your Plesk installation to CentOS 7, Red Hat Enterprise Linux 7, or CloudLinux 7, respectively.
- Microsoft Windows 2008 is no longer supported. If you used this operating system to run Plesk, we recommend migrating your Plesk installation to Microsoft Windows Server 2012 R2.
- ASP.NET 1.1 is no longer supported in Plesk for Windows. If you are upgrading to Plesk Onyx from an earlier Plesk version, you will still have ASP.NET 1.1 handlers available on your sites. However, ASP.NET 1.1 will be removed after any reconfiguration of these sites. If this happens, Plesk will switch to ASP.NET 2.0 or 4.0, depending on the OS version.
- Plesk Onyx does not support SmarterMail 9.x or earlier. We strongly recommend upgrading SmarterMail to version 10.x or later before upgrading to Plesk Onyx.
- Miva scripting is no longer supported due to very low usage among Plesk users. If you’re using Miva, your sites and servers using Miva might be able to continue using it after upgrade to Plesk Onyx, but we do not guarantee that they will function correctly. We suggest using Plesk 12.5 if you need Miva support in Plesk.
- Plesk Onyx no longer supports Unity Mobile. If you were using Unity Mobile, please try to find a different solution for creating mobile versions of your websites.
Known Issues and Limitations
Mail server SSL/TLS certificate support:
- At the moment, removal of SSL/TLS certificates from the mail server is not supported. As a workaround, you can replace the currently used certificate with a self-signed certificate.
- Key management for DKIM is not available, so existing keys cannot be imported. The keys are generated automatically when you use DKIM.
- DKIM is not supported for MailEnable version 9.16 and earlier.
- SRS is supported only for Postfix on Linux and for SmarterMail and IceWarp on Windows.
- The DNSSEC functionality is available only on Linux OSes with BIND version 9.9 and later.
- Key management is not available, so existing keys cannot be imported. The keys are generated automatically when you use DNSSEC.
- At the moment, backup and restore of data related to domain signing is not available. This will be fixed in further updates.
- Changing the rollover procedure methods is not supported. The key rollover method used by Plesk is described here. Other methods may be added in the future if there is a demand for it.
- Automatic update of the DS resource record in parent domain zones is not supported. As a workaround, you can work with a child domain zone and correct the corresponding DNS record in the parent domain zone manually.
- Verification of authentication chain is not supported. This functionality may be added in future if there is demand for it.
- DNSSEC feature requires an add-on license.
- The Docker functionality is available to Plesk Administrators only.
- Plesk does not restrict access to container’s ports.
- Docker is supported in Plesk for the following operating systems: CentOS 7, Red Hat 7, Debian 8, Ubuntu 14.04, and Ubuntu 16.04. In Plesk for Windows, you can use Docker installed on a remote machine (see Using Remote Docker).
- Docker is not available on VZ6. You can activate Docker support for VPS using https://openvz.org/Docker_inside_CT but this feature is experimental and is not supported.
- Docker containers in Plesk cannot be migrated or backed up. However, you can back up data used by containers (see Container Settings), or download snapshots.
- Remote Docker nodes functionality requires an add-on license, local Docker is available for free.
System Resources Usage Limits:
- This functionality is available only for Linux OSes: Debian 8, Ubuntu 16.04, CentOS 7, and Red Hat Enterprise Linux 7.
- Debian 8 does not support CPU & RAM limits because these aspects are blocked by vendor. However, you can enable RAM limits via the following boot option:
- Resource Controller EZ templates are not available for VZ6, however, you can install the controller manually.
- Resource Controller inside VPS on VZ6 can only manage the RAM limit.
- Resource Controller cannot control the Phusion Passenger application server. Thus, modern Ruby/Python/NodeJS applications cannot be limited.
- Manual activation of the feature is required - to do this, you need to start Resource Controller at ‘Tools & Settings -> Service management’.
- System Resource limits management requires an add-on license, it is available in Hosting Pack or can be installed separately.
System Updates Tool:
- This functionality does not include
aptrepository management. Please use the operating system means to manage your repositories.
- Locking of packages is not based on native OS means (
dpkg), so native package managers will ignore these locks if you run them directly. The packages will be locked only when you update packages via the System Updates Tool.
- When EZ templates are used for installation on VZ, package repositories are set to “undefined”. This means that the first package updates will be installed from any repository. After that, the “safe updates” feature will work in the regular mode.
- This feature is supported in Plesk for Windows only.
- The feature requires an add-on license.
- Cloning is not supported for multisite installations on Windows.
- Data synchronization does not include
- WordPress cannot be installed to a path where APS WordPress has been installed before, because the latter does not remove
- If two or more instances of WordPress use the same database, removing an instance also removes the database, thus breaking the other instances.
- The links in “Buy Now” button can be redirected via
panel.inionly if they lead to go.plesk.com.
- User votes are displayed in the Extension Catalog with a delay.
- The option to include alternative domain names with
www.prefix affects the whole list of domains, included in the certificate (that is, the main domain and selected aliases) and does not allow to select from that list.
- The extension does not notify you if it fails to renew a certificate. Indeed, the Let’s Encrypt CA will send an email, allowing you to take actions before the certificate expires.
- Instead of Сertbot, the extension is now using an internal ACME client. Some undocumented features, based on Сertbot, are no longer supported.
Most certbot options, defined in
cli.ini, will be ignored.
- The Security Advisor extension does not support domain aliases yet.