How to Configure Custom SSL Certificates for Plesk Interface
Before proceeding with custom SSL installation:
- Back up your existing SSL configuration and certificates
- Test in a non-production environment first
- Ensure you have all certificate files readily available
- Verify certificate chain completeness with your CA
- Check Plesk's latest documentation for any recent changes
Prerequisites
- Administrator access to Plesk
- Valid SSL certificate from a trusted Certificate Authority
- Complete certificate chain (if applicable)
- Private key file
- Backup of current SSL configuration
Understanding Certificate Files
- .crt file
- Contains the server certificate and possibly the certificate chain
- .key file
- Contains your private key - keep this secure and never share it
- .pem file
- Privacy Enhanced Mail format - may contain both certificate and private key
- Certificate Chain
- Series of certificates needed to verify your certificate's authenticity
Installation Methods
Method 1: Single Certificate File (.crt)
- Log in to Plesk as administrator
- Navigate to
Tools & Settings>SSL/TLS Certificates - Click
Browse...to locate your .crt file - Click
Upload Certificate
Method 2: Separate Key and Certificate Files
- Log in to Plesk as administrator
- Go to
Tools & Settings>SSL/TLS Certificates - Click
Addunder "List of certificates in server pool" - Scroll to "Upload the certificate files" section
- Upload your .key file in the private key field
- Upload your .crt file in the certificate field
- Click
Upload Certificate
Note for .pem files: If you have a .pem file containing both certificate and private key:
- Upload the same .pem file in both fields
- Plesk will automatically extract the appropriate parts
Method 3: Certificate Text Input
- Log in to Plesk as administrator
- Navigate to
Tools & Settings>SSL/TLS Certificates - Click
Addunder "List of certificates in server pool" - Scroll to "Upload the certificate as text" section
- Paste certificate content into the certificate field
- Paste private key content into the private key field
- Click
Upload Certificate
Activating the Certificate
- Click
[Change]next to "Certificate for securing Plesk" - Select your newly uploaded certificate
- Click
OKto apply the changes
Verifying Installation
Browser Verification
- Access Plesk interface via https
- Check the padlock icon in your browser
- View certificate details to ensure correct installation
Command Line Verification
# Verify certificate installation
openssl s_client -connect your-server:8443 -servername your-server.com
# Check certificate expiration
openssl x509 -enddate -noout -in /path/to/certificate.crtTroubleshooting
Common Issues
- Certificate Chain Issues
-
- Ensure all intermediate certificates are included
- Verify correct certificate order
- Contact your CA for the complete chain
- Private Key Mismatch
-
- Verify private key matches certificate
- Check key format and permissions
- Ensure no extra characters in key file
- Upload Errors
-
- Verify file formats and encoding
- Check for hidden characters
- Ensure files aren't corrupted
Best Practices
- Always backup existing certificates before changes
- Store private keys securely
- Monitor certificate expiration dates
- Document certificate details and renewal procedures
- Test certificate functionality after installation
- Keep certificate contact information updated
Support Resources
If you encounter installation issues:
- Contact your certificate provider for Plesk-specific instructions
- Check Plesk documentation for updated guides
- Contact our support team or consult Plesk support forums
- Review server logs for detailed error messages
