Before proceeding with SSL configuration:
- Test these steps in a non-production environment first
- Backup your current Plesk configuration
- Check Plesk's official documentation for the most up-to-date instructions
- Ensure you have selected the appropriate maintenance window
Prerequisites
- Administrator access to Plesk
- Valid FQDN pointing to your server's public IP
- Port 8443 accessible from the internet
- Valid email address for certificate notifications
- DNS properly configured for your hostname
Key Terms Explained
- SSL Certificate
- A digital certificate that enables encrypted connections and verifies server identity
- Let's Encrypt
- A free, automated, and open Certificate Authority providing free SSL certificates
- Port 8443
- The default secure port used by Plesk for encrypted administrative access
- FQDN
- Fully Qualified Domain Name - your complete server address (e.g., server.example_domain.com)
Method 1: Installing Let's Encrypt Certificate
Important Notes
- Let's Encrypt certificates are valid for 90 days
- Automatic renewal is handled by Plesk
- Your domain must be publicly accessible
- DNS must be properly configured before proceeding
Installation Steps
- Access Plesk Panel
Log in to your Plesk control panel as administrator
- Navigate to SSL Settings
Go to
Tools & Settings>SSL/TLS Certificates(under Security) - Access Let's Encrypt
Click the
Let's Encryptbutton - Configure Certificate Details
Domain Name Configuration
- Use your server's hostname (recommended)
- Or use any hosted (sub)domain on your server
- Must resolve to server's public IP address
- If using www redirection, specify www.example_domain.com
Email Configuration
- Provide valid email address for:
- Certificate expiration notifications
- Security alerts
- Important system warnings
- Install Certificate
Click
Installto generate and configure the certificate
Verifying Installation
Visual Verification
- Access your Plesk panel using https://example_hostname:8443
- Check for the padlock icon in your browser
- Verify certificate details in browser security information
Command Line Verification
# Test SSL connection
openssl s_client -connect example_hostname:8443 -servername example_hostname
# Check certificate expiration
echo | openssl s_client -servername example_hostname -connect example_hostname:8443 2>/dev/null | openssl x509 -noout -datesTroubleshooting Common Issues
Certificate Generation Fails
- Verify DNS settings using:
dig +short example_hostname - Ensure port 80 is accessible for verification
- Check Plesk error logs:
/var/log/plesk/panel.log
Access Issues After Installation
- Clear browser cache and cookies
- Verify firewall rules for port 8443
- Check certificate chain is complete
Renewal Problems
- Verify Let's Encrypt service status
- Check automated renewal logs
- Ensure DNS settings haven't changed
Using Other Certificate Authorities
If you prefer using a different Certificate Authority, you can:
- Generate a CSR in Plesk
- Submit it to your preferred CA
- Install the received certificate files
- Configure the certificate chain if required
Best Practices
- Monitor certificate expiration dates
- Keep email contact information updated
- Regularly verify SSL configuration
- Maintain backup of certificate files
- Document any custom configurations
- Set up monitoring for SSL expiration
Need Help?
If you encounter any issues during the SSL configuration process, please contact Plesk support or consult your system administrator.
