Browse by Category

360 Monitoring
0
AccelerateWP
12
Account & Billing
86
Backups
24
Cloudflare FAQs
19
CodeGuard Backup
0
cPanel
120
cPanel Databases
10
cPanel File Manager
35
cPanel Git
0
cPanel Resellers
11
Domain & DNS
111
Drupal
1
Email Hosting
85
FAQs
5
Joomla
2
Koality
0
Linux Administration
104
Plesk
92
Reseller Hosting
40
SEO Optimization
1
Sitejet
0
SiteLock
11
SitePad
1
Softaculous
45
SolusVM
0
Spam Experts
20
SSL/TLS
1
Web Apps
1
Web Hosting Addons
3
Website Security
60
Webuzo
0
Weebly Builder
6
WHMCS
35
WordPress
87
WP Squared
26
XOVI SEO
5

  Browse by Category

  Idea Storm

wordpress beginner wordpress tutorial wordpress guide wordpress hosting wp squared web hosting wp plugin phpMyAdmin cpanel hosting dns file manager backups terminal cli domain forwarding cloudflare User Management Permissions cPanel Web Hosting Security cPanel UAPI Server Migration Apache Directives Apache Migration htaccess PHP End of Life PHP CGIEmail Web Scripting Security Vulnerabilities Scripting Languages cPanel Email Management Web Hosting Management Email Quotas cPanel Interface Account Management cPanel Login cPanel Security Two-Factor Authentication Login Issues Cloudflare Configuration Troubleshooting Tips Domain Forwarder Email Forwarding File Management cPanel File Manager File Deletion Custom Error Pages cPanel Error Pages HTTP Status Codes Git Version Control Command Line (CLI) cPanel Metrics Awstats Resource Utilization Webalizer Website Statistics Email Configuration Email Ports cPanel Email Accounts cPanel Subdirectory Web Hosting Manager cPanel Webmail Mod_Pagespeed FTP Accounts Website Management File Sharing Team Collaboration Security SSH cPanel Backup IP Blocking Website Security Website Protection Email Security Multi-Factor Authentication cPanel Language SPF DKIM DMARC Email Deliverability cPanel Email Forwarding SFTP cPanel Team User User Roles cPanel Permissions DNSSEC DNS Security Domain Alias Addon Domains cPanel File Management Subdomains Alias Domains Email Autoresponders Mailing Lists Image Optimization Website Performance Image Editing Troubleshooting Browser Cache cPanel Terminal Command-Line Interface Data Security Download Files File Compression Website Migration DNS Management Website File Editing Text Editors ModPagespeed Website Optimization Domain Alias Redirection Website Traffic Management Domain Redirection SSL/TLS Certificate Installation AutoSSL Troubleshooting HTTPS Encryption cPanel SSL/TLS Status Secure Website Traffic File Extraction File Upload SSL/HTTPS Performance Optimization SSL/HTTPS Redirection Domain Hosting DNS Configuration Domain Security cPanel Zone Editor cPanel Username cPanel Password cPanel Access WebHostingM Support WHM Access Reseller Control Panel Web Host Manager Reseller Hosting Webmail Login Email Management Webmail Access cPanel Login Accessing cPanel cPanel Sub-Accounts Access Control SSH Login Security Enhancement CDN Integration WordPress Optimization API Key Management Payment Billing Promotional Credits Coupons Hosting Orders Verification Auto-Renewals Late Fees Bandwidth GST WebSpace SEPA PayPal Cancellation Suspension Email Address Password Reset Refunds Money-Back Guarantee Domain Transfer Domain Renewals Upgrade Paystack Hosting Support Language VAT Taxes Discounts Credit Card ACH Invoices Hosting Trial AccelerateWP WordPress XML-RPC FTP/SFTP REST API WordPress Toolkit Softaculous PHP X-Ray WordPress Plugins Databases Wo Plesk mod_lsapi CloudLinux Google Workspace mod_security nginx Imunify360 Joomla Drupal CodeGuard Jetbackup Roundcube BoxTrapper Horde Domain Management WHM Domain Registration Domain Suspension PowerDNS rDNS CNAME BIND MySQL Inodes WordPress Migration MTA-STS 2FA Dedicated IP Support Ticket SitePad Website Builder 301 Redirect Naked Domain Redirect WHMCS Cron WHMCS License WHMCS Security WHMCS Automation WHMCS Migration SEO XOVI Now Weebly Website Builder SpamExperts SiteLock ModSecurity Fail2Ban phpinfo SpamAssassin atop Plesk PHP settings Migration Firewall PHP Configuration Plesk File Manager Plesk FTP AlegroCart Backup Restoration Scheduled Backup Hostname Postfix SMTP CageFS OpCache EasyApache 4 WebHostingM Name Servers Contact Information Management Search Engine Indexing Email Issues catch-all-address Quota Plesk Security error-troubleshooting

  Support

Your Support Tickets
News & Announcements
Knowledgebase
Downloads
Network Status
New Ticket

How to Create a Domain, Issue Let's Encrypt, and Configure DANE with TLSA Records in Plesk Make it Rain Paper

  • DNS, DNS Configuration, DNS Management
  • 0

Pre-requirements

  • Administrator access to the Plesk control panel.
  • Root or sudo access to the server via SSH.
  • Basic knowledge of DNS records, SSL certificates, and email security (DANE).
  • Installed hash-slinger package for generating TLSA records.
  • DNSSEC support on your domain's DNS.

Introduction

In this guide, you will learn how to create a domain in Plesk, issue a Let's Encrypt certificate, and configure DNSSEC and DANE (DNS-based Authentication of Named Entities) using TLSA records. DANE ensures secure email communication through cryptographic authentication tied to the DNS system.

Step 1: Create a Domain in Plesk

  1. Log into the Plesk control panel.
  2. Navigate to Domains and click Add Domain.
  3. Enter example.com as the domain name and complete the setup steps.

Step 2: Issue a Let's Encrypt Certificate for the Domain

  1. Navigate to Domains > example.com > SSL/TLS Certificates.
  2. Click Get it free under the Let's Encrypt section.
  3. Follow the instructions to issue the Let's Encrypt certificate for the domain.

Step 3: Install the hash-slinger Package

The hash-slinger package is required to generate the TLSA record. To install it, follow these steps:

Linux Command to Install hash-slinger

# For CentOS/RHEL
yum install hash-slinger

# For Ubuntu/Debian
sudo apt-get install hash-slinger

Step 4: Find the Certificate File for the Domain

Once the certificate is issued, locate the certificate file for example.com using the following command:

Linux Command to Find the Certificate File

plesk db "select cert_file from certificates where name like '%example.com%'"

This command will return the name of the certificate file, which you will use in the next step.

Step 5: Generate the TLSA Record for Mail Server

    1. Switch to the directory where the certificate files are stored:
cd /usr/local/psa/var/certificates/
    1. Using the certificate file name from Step 4, generate a TLSA record for mail.example.com on port 25:
tlsa --create --selector 1 -p25 --certificate [certificate-file-name] mail.example.com

Note: Replace [certificate-file-name] with the name of the certificate file you found in Step 4.

Step 6: Add the TLSA Record in Plesk

  1. Go to Domains > example.com > Hosting & DNS > DNS.
  2. Click Add Record.
  3. Using the TLSA values generated in Step 5, create a new TLSA record for mail.example.com.
  4. Click OK to save and apply the changes.

Step 7: Install and Enable DNSSEC

  1. Navigate to Extensions > Extensions Catalog > DNS.
  2. Find the DNSSEC extension and click Get It Free to install it.
  3. Once installed, go to Domains > example.com > Hosting & DNS > DNSSEC.
  4. Click Sign the DNS Zone to enable DNSSEC.

Note: For DNSSEC, choose the algorithm RSASHA256 to secure the DNS zone.

Step 8: Verify DANE Configuration

After configuring the TLSA record and enabling DNSSEC, verify that DANE is properly set up using the DANE Validator tool:

  1. Go to MailHardener DANE Validator.
  2. Enter mail.example.com and click Inspect.
  3. The tool will show the configured TLSA DNS record and report if DANE is properly configured for your mail server.

Gotchas to Avoid

  • Ensure the hash-slinger package is installed on your system before generating TLSA records.
  • Verify that your DNS provider supports DNSSEC and that it is properly configured.
  • Ensure that the DNS records for mail.example.com are propagated before verifying DANE.

Linux Commands for Managing Certificates and TLSA Records

Find Certificate File

plesk db "select cert_file from certificates where name like '%example.com%'"

Generate TLSA Record

tlsa --create --selector 1 -p25 --certificate [certificate-file-name] mail.example.com

Verify DNSSEC

Use dig to verify that DNSSEC is properly configured:

dig +dnssec example.com

By following this guide, you have successfully created a domain in Plesk, issued a Let's Encrypt certificate, configured DNSSEC, and set up a TLSA record for DANE. Ensuring proper DNSSEC and DANE configuration enhances email security by providing cryptographic authentication for your mail server. For more information on secure email configuration, visit our Knowledge Base.

Did this answer help?

Related Articles

How To Add Public SSH Key To Your WebHostingM cPanel For SSH Access Take website security to the next level! This comprehensive guide explores generating SSH keys... How To Banish Unwanted Visitors From Accessing Your Site In cPanel Learn how to block IP addresses from accessing your website using cPanel's IP Blocker interface.... How To Change An Email Account Password In WebHostingM cPanel Learn how to change your email account password in cPanel to enhance email security and protect... How To Create A cPanel Sub-Account For Your Website Developer Learn how to create and manage sub-accounts for your website developers using cPanel's Manage... Domain Aliasing Done Right: Expanding Your Website's Reach with cPanel Imagine having multiple domain names all leading to your fantastic website! With domain aliases...
« Back

  Idea Storm

wordpress beginner wordpress tutorial wordpress guide wordpress hosting wp squared web hosting wp plugin phpMyAdmin cpanel hosting dns file manager backups terminal cli domain forwarding cloudflare User Management Permissions cPanel Web Hosting Security cPanel UAPI Server Migration Apache Directives Apache Migration htaccess PHP End of Life PHP CGIEmail Web Scripting Security Vulnerabilities Scripting Languages cPanel Email Management Web Hosting Management Email Quotas cPanel Interface Account Management cPanel Login cPanel Security Two-Factor Authentication Login Issues Cloudflare Configuration Troubleshooting Tips Domain Forwarder Email Forwarding File Management cPanel File Manager File Deletion Custom Error Pages cPanel Error Pages HTTP Status Codes Git Version Control Command Line (CLI) cPanel Metrics Awstats Resource Utilization Webalizer Website Statistics Email Configuration Email Ports cPanel Email Accounts cPanel Subdirectory Web Hosting Manager cPanel Webmail Mod_Pagespeed FTP Accounts Website Management File Sharing Team Collaboration Security SSH cPanel Backup IP Blocking Website Security Website Protection Email Security Multi-Factor Authentication cPanel Language SPF DKIM DMARC Email Deliverability cPanel Email Forwarding SFTP cPanel Team User User Roles cPanel Permissions DNSSEC DNS Security Domain Alias Addon Domains cPanel File Management Subdomains Alias Domains Email Autoresponders Mailing Lists Image Optimization Website Performance Image Editing Troubleshooting Browser Cache cPanel Terminal Command-Line Interface Data Security Download Files File Compression Website Migration DNS Management Website File Editing Text Editors ModPagespeed Website Optimization Domain Alias Redirection Website Traffic Management Domain Redirection SSL/TLS Certificate Installation AutoSSL Troubleshooting HTTPS Encryption cPanel SSL/TLS Status Secure Website Traffic File Extraction File Upload SSL/HTTPS Performance Optimization SSL/HTTPS Redirection Domain Hosting DNS Configuration Domain Security cPanel Zone Editor cPanel Username cPanel Password cPanel Access WebHostingM Support WHM Access Reseller Control Panel Web Host Manager Reseller Hosting Webmail Login Email Management Webmail Access cPanel Login Accessing cPanel cPanel Sub-Accounts Access Control SSH Login Security Enhancement CDN Integration WordPress Optimization API Key Management Payment Billing Promotional Credits Coupons Hosting Orders Verification Auto-Renewals Late Fees Bandwidth GST WebSpace SEPA PayPal Cancellation Suspension Email Address Password Reset Refunds Money-Back Guarantee Domain Transfer Domain Renewals Upgrade Paystack Hosting Support Language VAT Taxes Discounts Credit Card ACH Invoices Hosting Trial AccelerateWP WordPress XML-RPC FTP/SFTP REST API WordPress Toolkit Softaculous PHP X-Ray WordPress Plugins Databases Wo Plesk mod_lsapi CloudLinux Google Workspace mod_security nginx Imunify360 Joomla Drupal CodeGuard Jetbackup Roundcube BoxTrapper Horde Domain Management WHM Domain Registration Domain Suspension PowerDNS rDNS CNAME BIND MySQL Inodes WordPress Migration MTA-STS 2FA Dedicated IP Support Ticket SitePad Website Builder 301 Redirect Naked Domain Redirect WHMCS Cron WHMCS License WHMCS Security WHMCS Automation WHMCS Migration SEO XOVI Now Weebly Website Builder SpamExperts SiteLock ModSecurity Fail2Ban phpinfo SpamAssassin atop Plesk PHP settings Migration Firewall PHP Configuration Plesk File Manager Plesk FTP AlegroCart Backup Restoration Scheduled Backup Hostname Postfix SMTP CageFS OpCache EasyApache 4 WebHostingM Name Servers Contact Information Management Search Engine Indexing Email Issues catch-all-address Quota Plesk Security error-troubleshooting

  Support

Your Support Tickets
News & Announcements
Knowledgebase
Downloads
Network Status
New Ticket