This topic explains how to manually secure both Plesk and the Plesk mail server with the following certificates’ types:

  • A free SSL/TLS certificate from Let’s Encrypt.
  • An SSL/TLS certificate purchased from a certificate authority.
  • A self-signed SSL/TLS certificate.

SSL/TLS certificates protect sensitive data by encrypting connections between the client and the server. Moreover, having a valid SSL/TLS certificate is practically a requirement on today’s Internet. To improve security, Plesk and the mail server are automatically secured with a free SSL/TLS certificate from Let’s Encrypt during Plesk installation.

In most cases, this feature provides you with security and peace of mind without any actions on your part. Plesk can issue an SSL/TLS certificate from Let’s Encrypt even if the server does not have a resolvable hostname. However some glitches may happen.

If, for some reason, an SSL/TLS certificate from Let’s Encrypt was not issued, Plesk and the mail server will be automatically secured with a self-signed SSL/TLS certificate. Self-signed SSL/TLS certificates encrypt connections and protect your sensitive data from being intercepted. However they come with a drawback. Anyone visiting a Plesk server secured with a self-signed SSL/TLS certificate will see a warning telling them that the website is not trusted. This may worry your customers. To avoid this, we recommend that you manually secure Plesk and the Plesk mail server with either a free SSL/TLS certificate from Let’s Encrypt or an SSL/TLS certificate purchased from a certificate authority.

使用 Let’s Encrypt 证书保护 Plesk 和邮件服务器的安全

Let’s Encrypt is an open certificate authority providing free SSL/TLS certificates.

During Plesk installation, Plesk and the mail server are automatically secured with a free SSL/TLS certificate from Let’s Encrypt. If, for some reason, it did not happen, we recommend that you manually secure Plesk and the mail server with a Let’s Encrypt certificate.

若要使用 Let’s Encrypt 的证书保护 Plesk 和邮件服务器的安全,请如下操作:

  1. Make sure that the Let’s Encrypt extension is installed.

  2. 转入 工具与设置 > SSL/TLS 证书 (在 “安全” 下)。

  3. 点击 + Let’s Encrypt 按钮。

  4. 请务必确保在”电子邮件地址”栏中填入的邮箱地址是正确的。该邮箱地址将用于发送重要的通知信息。

  5. 点击 安装

    到此步骤,则已生成 Let’s Encrypt 的证书,并自动使用该证书保护 Plesk 的安全。

  6. 若要保护邮件服务器的安全,请点击”用于保护邮件安全的证书“旁边的 [更改] 链接。

  7. 从下拉框列表中选择 “Lets Encrypt 证书(服务器池)” ,然后点击 确定

现在 Plesk 和 Plesk 邮件服务器则都受到了 Let’s Encrypt 证书的保护。

image 78764

注解: In Plesk for Linux, when Let’s Encrypt replaces the default self-signed certificate, in Tools & Settings > SSL/TLS Certificates the name of the certificate used to secure Plesk is changed to “Lets Encrypt certificate”. In Plesk for Windows, the default certificate name is changed to “Lets Encrypt certificate” only after you reload the Tools & Settings > SSL/TLS Certificates web page in the browser.

注解: Once you secure the mail server with an SSL/TLS certificate, make sure to access mail using:

Otherwise, the mail client software may be unable to verify the mail server identity, which may cause issues when sending or receiving mail.

使用其它证书机构的证书保护 Plesk 和邮件服务器的安全

During Plesk installation, Plesk and the mail server are automatically secured with a free SSL/TLS certificate from Let’s Encrypt. If, for some reason, it did not happen, we recommend that you manually secure Plesk and the mail server with an SSL/TLS certificate from a certificate authority of your choice.

若要使用其它证书机构的证书保护 Plesk 和邮件服务器的安全,请如下操作:

  1. Go to Tools & Settings > SSL/TLS Certificates (under “Security”) and click the + Add button.

  2. 填写标有星号的字段。请特别注意下面各个字段:

    • “证书名称” 给证书起一个辨识度高的名称,以与服务器库中的其它证书相区别。
    • “比特” 比特数越多,证书越安全。我们建议使用默认值 (4096)。
    • “域名”  请务必确保在该字段中填入的名称与服务器主机名相匹配。
  3. 如果所有填入的信息都准确无误,请点击 请求

    Plesk 将生成一个私钥和证书签名请求,并将其在 “服务器池中的证书列表” 下显示。

  4. 在 “服务器池中的证书列表” 下找到证书并点击其名称。即会打开显示该证书属性的页面。

  5. Copy the whole content of the “CSR” section (including -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST-----) to clipboard.

  6. 访问您所选的证书机构的网站并开始订购证书。当提示您提供 CSR 时,请从剪切板粘贴数据。证书机构将会根据您提供的信息创建 SSL/TLS 证书。接收到 SSL/TLS 证书后,请将其保存到本机或本地网络上。

  7. 进入 工具与设置 > SSL/TLS 证书 ,点击 选择文件 (在 “在此处上传证书” 下),选择已保存的 .crt 文件,然后点击 上传证书

  8. 若要保护 Plesk 的安全,请点击 “用于保护 Plesk 安全的证书” 旁的 [更改] 链接。从下拉列表中选择在第 3 步骤中生成的证书,然后点击 确定

  9. 若要保护邮件服务器的安全,请在 “用于保护邮件安全的证书” 旁重复上一个步骤。

注解: Once you secure the mail server with an SSL/TLS certificate, make sure to access mail using:

Otherwise, the mail client software may be unable to verify the mail server identity, which may cause issues when sending or receiving mail.

使用自签名证书保护 Plesk 和邮件服务器的安全

As we explained earlier, it is always preferable to use an SSL/TLS certificate from Let’s Encrypt or a paid SSL/TLS certificate from a different certificate authority. However, you may want to secure Plesk and the mail server with a self-signed SSL/TLS certificate, if, for example, the certificate issued by a certificate authority has expired.

若要使用自签名证书保护 Plesk 和邮件服务器的安全,请如下操作:

  1. Go to Tools & Settings > SSL/TLS Certificates (under “Security”) and click the + Add button.
  2. 填写标有星号的字段。请特别注意下面各个字段:
    • “证书名称” 给证书起一个辨识度高的名称,以与服务器库中的其它证书相区别。
    • “比特” 比特数越多,证书越安全。我们建议使用默认值 (4096)。
    • “域名”  请务必确保在该字段中填入的名称与服务器主机名相匹配。
  3. 如果所有填入的信息都准确无误,请点击 自签名 。Plesk 将会生成一个自签名证书,且会在 “服务器池中的证书列表” 下显示。
  4. To secure Plesk, click the [Change] link next to “Certificate for securing Plesk”. Select the certificate generated during the previous step from the drop-down list, and then click OK.
  5. 若要保护邮件服务器的安全,请在 “用于保护邮件安全的证书” 旁重复上一个步骤。