This topic explains how to manually secure both Plesk and the Plesk mail server with the following certificate types:

  • A free SSL/TLS certificate from Let’s Encrypt.
  • An SSL/TLS certificate purchased from a certificate authority.
  • A self-signed SSL/TLS certificate.

SSL/TLS certificates protect sensitive data by encrypting connections between the client and the server. Moreover, having a valid SSL/TLS certificate is practically a requirement on today’s Internet. To improve security, Plesk and the mail server are automatically secured with a free SSL/TLS certificate from Let’s Encrypt during Plesk installation.

In most cases, this feature provides you with security and peace of mind without any actions on your part. Plesk can issue an SSL/TLS certificate from Let’s Encrypt even if the server does not have a resolvable hostname. However, some glitches may happen.

If, for some reason, an SSL/TLS certificate from Let’s Encrypt was not issued, Plesk and the mail server will be automatically secured with a self-signed SSL/TLS certificate. Self-signed SSL/TLS certificates encrypt connections and protect your sensitive data from being intercepted. However, they come with a drawback. Anyone visiting a Plesk server secured with a self-signed SSL/TLS certificate will see a warning telling them that the website is not trusted. This may worry your customers. To avoid this, we recommend that you manually secure Plesk and the Plesk mail server with either a free SSL/TLS certificate from Let’s Encrypt or an SSL/TLS certificate purchased from a certificate authority.

Securing Plesk and the Mail Server With a Certificate From Let’s Encrypt

Let’s Encrypt is an open certificate authority providing free SSL/TLS certificates.

During Plesk installation, Plesk and the mail server are automatically secured with a free SSL/TLS certificate from Let’s Encrypt. If, for some reason, it did not happen, we recommend that you manually secure Plesk and the mail server with a Let’s Encrypt certificate.

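To secure Plesk and the mail server with a certificate from Let’s Encrypt:

  1. Make sure that the Let’s Encrypt extension is installed.

  2. Go to Tools & Settings > SSL/TLS Certificates (under “Security”).

  3. Click the + Let’s Encrypt button.

  4. Make sure that the email address in the “Email address” field is correct. Important notifications will be sent to this address.

  5. Click Install.

    At this point, the Let’s Encrypt certificate has been generated and Plesk is automatically secured with it.

  6. To secure the mail server, click the [Change] link next to “Certificate for securing mail”.

  7. Select “Lets Encrypt certificate (server pool)” from the drop-down list, and then click OK.

Now both Plesk and the Plesk mail server are secured with the Let’s Encrypt certificate.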


Note: In Plesk for Linux, when Let’s Encrypt replaces the default self-signed certificate, in Tools & Settings > SSL/TLS Certificates the name of the certificate used to secure Plesk is changed to “Lets Encrypt certificate”. In Plesk for Windows, the default certificate name is changed to “Lets Encrypt certificate” only after you reload the Tools & Settings > SSL/TLS Certificates web page in the browser.

Note: Once you secure the mail server with an SSL/TLS certificate, make sure to access mail using:

Otherwise, the mail client software may be unable to verify the mail server identity, which may cause issues when sending or receiving mail.

Securing Plesk and the Mail Server With a Certificate From Another Certificate Authority

During Plesk installation, Plesk and the mail server are automatically secured with a free SSL/TLS certificate from Let’s Encrypt. If, for some reason, it did not happen, we recommend that you manually secure Plesk and the mail server with an SSL/TLS certificate from a certificate authority of your choice.

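To secure Plesk and the mail server with a certificate from another certificate authority:

  1. Go to Tools & Settings > SSL/TLS Certificates (under “Security”) and click the + Add button.

  2. Fill in the fields marked with an asterisk. Pay special attention to the following fields:

    • “Certificate name”. Give the certificate a recognizable name to tell it apart from other certificates in the server pool.
    • “Bits”. The more bits, the more secure the certificate. We recommend using the default value (4096).
    • “Domain name”. Make sure that the name in this field matches the server hostname.
  3. If all the information you entered is correct, click Request.

    Plesk will generate a private key and a certificate signing request, and show them under “List of certificates in the server pool”.

  4. Find the certificate under “List of certificates in the server pool” and click its name. The page showing the certificate’s properties will open.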

  5. Copy the whole content of the “CSR” section (including -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST-----) to clipboard.

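  6. Go to the website of the certificate authority of your choice and start ordering the certificate. When prompted for the CSR, paste the data from the clipboard. The certificate authority will create an SSL/TLS certificate based on the information you provided. Once you receive the SSL/TLS certificate, save it on your local machine or local network.

  7. Go to Tools & Settings > SSL/TLS Certificates, click Choose File (under “Upload the certificate here”), select the saved .crt file, and then click Upload Certificate.

  8. To secure Plesk, click the [Change] link next to “Certificate for securing Plesk”. Select the certificate generated in step 3 from the drop-down list, and then click OK.

  9. To secure the mail server, repeat the previous step next to “Certificate for securing mail”.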
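
The checks below are an added example, not part of the Plesk documentation. They use the openssl command line (assumed to be installed) to confirm, before the CSR is sent to the certificate authority, that it carries the server hostname and the recommended key size, and, once the certificate arrives, that it matches the CSR and is not self-issued. The function names, file names and panel.example.com are hypothetical.

```sh
#!/bin/sh
# Added example (not Plesk code). Assumes the openssl CLI is installed;
# function names, file names and host names are hypothetical.

# Common Name from a CSR's subject.
csr_cn() {
  openssl req -in "$1" -noout -subject -nameopt multiline |
    sed -n 's/^ *commonName *= *//p'
}

# Public key size in bits from a CSR.
csr_bits() {
  openssl req -in "$1" -noout -text |
    sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# check_csr CSR HOSTNAME [MIN_BITS]: succeed only if the CN equals the server
# hostname and the key has at least MIN_BITS (default 4096, as recommended).
check_csr() {
  cn=$(csr_cn "$1"); bits=$(csr_bits "$1")
  [ "$cn" = "$2" ] || { echo "CN '$cn' does not match '$2'"; return 1; }
  [ "$bits" -ge "${3:-4096}" ] || { echo "key is only $bits bits"; return 1; }
  echo "CSR ok: CN=$cn, $bits bits"
}

# cert_matches_csr CERT CSR: the issued certificate must carry the same public
# key as the CSR, otherwise it does not belong to the stored private key.
cert_matches_csr() {
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl req -in "$2" -noout -pubkey)" ]
}

# is_self_issued CERT: subject equals issuer, which is how a self-signed
# certificate looks and why clients show the "not trusted" warning.
is_self_issued() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Constructed sample: throwaway 2048-bit key, CSR and self-signed certificate.
make_sample() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/key.pem" -out "$1/req.csr" 2>/dev/null
  openssl x509 -req -in "$1/req.csr" -signkey "$1/key.pem" -days 1 \
    -out "$1/self.crt" 2>/dev/null
}

tmp=$(mktemp -d); make_sample "$tmp" panel.example.com
check_csr "$tmp/req.csr" panel.example.com || true   # rejected: 2048 < 4096
is_self_issued "$tmp/self.crt" && echo "self-issued: clients will warn"
rm -rf "$tmp"
```
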

Note: Once you secure the mail server with an SSL/TLS certificate, make sure to access mail using:

Otherwise, the mail client software may be unable to verify the mail server identity, which may cause issues when sending or receiving mail.

Securing Plesk and the Mail Server With a Self-Signed Certificate

As we explained earlier, it is always preferable to use an SSL/TLS certificate from Let’s Encrypt or a paid SSL/TLS certificate from a different certificate authority. However, you may want to secure Plesk and the mail server with a self-signed SSL/TLS certificate, if, for example, the certificate issued by a certificate authority has expired.

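To secure Plesk and the mail server with a self-signed certificate:

  1. Go to Tools & Settings > SSL/TLS Certificates (under “Security”) and click the + Add button.
  2. Fill in the fields marked with an asterisk. Pay special attention to the following fields:
    • “Certificate name”. Give the certificate a recognizable name to tell it apart from other certificates in the server pool.
    • “Bits”. The more bits, the more secure the certificate. We recommend using the default value (4096).
    • “Domain name”. Make sure that the name in this field matches the server hostname.
  3. If all the information you entered is correct, click Self-Signed. Plesk will generate a self-signed certificate and show it under “List of certificates in the server pool”.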
  4. To secure Plesk, click the [Change] link next to “Certificate for securing Plesk”. Select the certificate generated during the previous step from the drop-down list, and then click OK.
  5. To secure the mail server, repeat the previous step next to “Certificate for securing mail”.