Getting SSL/TLS Certificates

For security reasons, you can access your control panel only through a secure connection provided by Secure Sockets Layer-enabled hypertext transfer protocol. All data you exchange with the Plesk-managed server are encrypted, thus preventing interception of sensitive information. The SSL/TLS certificate used in the data encryption process is automatically generated and installed on the server during installation of the control panel. This is the so-called self-signed certificate: it is not signed by a recognized certificate authority (CA), therefore, upon attempt to connect to your control panel, you and your customers will see warning messages in web browsers.

Additionally, you can use an SSL/TLS certificate to secure connection to your mail server.

To gain customer confidence, you should purchase an SSL/TLS certificate from a reputable certificate authority, and install it to the control panel.

You have the following options:

  • Get a free certificate from the Let's Encrypt authority for a particular domain.
  • Use the functions for purchasing SSL/TLS certificates from Comodo, GeoTrust, Inc. or GoDaddy provided by your control panel.
  • Create a certificate signing request (CSR) from the control panel and submit it to the certificate authority of your choice, which will create an SSL/TLS certificate for you.

    Note: If you are going to use the control panel's facilities for purchasing a certificate through Plesk online store, you should not use command line tools for creating the certificate signing request.

All these ways of getting the SSL/TLS certificate are described below.

SSL_TLS_certificates

To purchase an SSL/TLS certificate from Comodo, GeoTrust, Inc. or GoDaddy through Plesk online store and secure your control panel:

  1. Go to Tools & Settings > SSL/TLS Certificates (in the Security group). A list of SSL/TLS certificates that you have in your repository will be displayed.
  2. Click Add.
  3. Specify the certificate properties:
    • Certificate name. This will help you identify this certificate in the repository.
    • Encryption level. Choose the encryption level of your SSL/TLS certificate. We recommend that you choose a value more than 1024 bit.
    • Specify your location and organization name. The values you enter should not exceed the length of 64 symbols.
    • Specify the host name for which you wish to purchase an SSL/TLS certificate. For example: your-domain.com
    • Enter your email address.
  4. Make sure that all the provided information is correct and accurate, as it will be used to generate your private key.
  5. Click Buy SSL/TLS Certificate.

    Your private key and certificate signing request will be generated. Do not delete them. Plesk login page will open in a new browser window.

  6. Register or log in to an existing Plesk account and you will be taken step by step through the certificate purchase procedure.
  7. Choose the type of certificate that you wish to purchase.
  8. Click Proceed to Buy and order the certificate. In the Approver Email drop-down box, please select the correct Approver email.

    The approver email is an email address that can confirm that certificate for specific domain name was requested by an authorized person.

  9. Once your certificate request is processed, you will be sent a confirmation email. After you confirm, the certificate will be sent to your email.
  10. When you receive your SSL/TLS certificate, save it on your local machine or network.
  11. Return to the SSL/TLS Certificates repository (Tools & Settings > SSL/TLS Certificates).
  12. Click Browse in the middle of the page and navigate to the location of the saved certificate. Select it, and then click Upload Certificate. This will upload the certificate to the repository.
  13. Select the uploaded certificate for securing Plesk or mail server as described at Securing Plesk and Mail Server.

To secure your control panel with an SSL/TLS certificate from other certificate authorities:

  1. Go to Tools & Settings > SSL/TLS Certificates (in the Security group). A list of SSL/TLS certificates that you have in your repository will be displayed.
  2. Click Add.
  3. Specify the certificate properties:
    • Certificate name. This will help you identify this certificate in the repository.
    • Encryption level. Choose the encryption level of your SSL/TLS certificate. We recommend that you choose a value more than 1024 bit.
    • Specify your location and organization name. The values you enter should not exceed the length of 64 symbols.
    • Specify the host name for which you wish to purchase an SSL/TLS certificate. For example: your-domain.com
    • Enter your email address.
  4. Make sure that all the provided information is correct and accurate, as it will be used to generate your private key.
  5. Click Request. Your private key and certificate signing request will be generated and stored in the repository.
  6. In the list of certificates, click the name of the certificate you need. A page showing the certificate properties opens.
  7. Locate the CSR section on the page, and copy the text that starts with the line -----BEGIN CERTIFICATE REQUEST----- and ends with the line -----END CERTIFICATE REQUEST----- to the clipboard.
  8. Visit the website of the certificate authority from which you want to purchase an SSL/TLS certificate, and follow the links on their site to start a certificate ordering procedure. When you are prompted to specify CSR text, paste the data from the clipboard into the online form and click Continue. The certificate authority will create an SSL/TLS certificate in accordance with the information you supplied.
  9. When you receive your SSL/TLS certificate, save it on your local machine or network.
  10. Return to the SSL/TLS Certificates repository (Tools & Settings > SSL/TLS Certificates).
  11. Click Browse in the middle of the page and navigate to the location of the saved certificate. Select it, and then click Upload Certificate. This will upload the certificate to the repository.
  12. Select the uploaded certificate for securing Plesk or mail server as described at Securing Plesk and Mail Server.

To get a free SSL/TLS certificate from Let's Encrypt:

  1. Make sure that the Let's Encrypt extension is installed in Plesk.
  2. In a subscription's settings, go to Websites & Domains > Let's Encrypt.
  3. Specify the email address that will be used for urgent notices and lost key recovery. By default, the email address of the subscription owner is used.
  4. Specify if you want to include an alternative domain name for the domain and each selected alias. For example: www.domain.tld for domain.tld. We recommend that you turn this on.
  5. If there are domain aliases, select the ones that you want to include in the certificate.
  6. Click Install to get and install the Let's Encrypt certificate for the subscription.
  7. Select the uploaded certificate for securing Plesk or mail server as described at Securing Plesk and Mail Server.

lets-encrypt-provider

In case you need to generate a self-signed certificate, follow this procedure:

  1. Go to Tools & Settings > SSL/TLS Certificates (in the Security group). A list of SSL/TLS certificates that you have in your repository will be displayed.
  2. Click Add.
  3. Specify the certificate properties:
    • Certificate name. This will help you identify this certificate in the repository.
    • Encryption level. Choose the encryption level of your SSL/TLS certificate. We recommend that you choose a value more than 1024 bit.
    • Specify your location and organization name. The values you enter should not exceed the length of 64 symbols.
    • Specify the host name for which you wish to purchase an SSL/TLS certificate. For example: your-domain.com
    • Enter your email address.
  4. Click the Self-Signed button. Your certificate will be generated and stored in the repository.

Customers can enable SSL/TLS support on their domains, add certificates, and select them in the website hosting settings (find more information at Securing Connections with SSL/TLS Certificates).

You can specify which certificate will be used by default for connection to your or your customer's domains via HTTPS.

To make a certificate default

  1. Go to Tools & Settings > SSL/TLS Certificates.
  2. Select a certificate in the list and click Make Default.

To remove a certificate

  1. Go to Tools & Settings > SSL/TLS Certificates.
  2. Select a certificate in the list and click Remove.

Note: The certificates that are currently in use for securing Plesk server, mail server, or some domains, cannot be removed.

 

Leave your feedback on this topic here

If you have questions or need support, please visit the Plesk forum or contact your hosting provider.
The comments below are for feedback on the documentation only. No timely answers or help will be provided.