StarDomain

Installing SSL in Plesk

Installing SSL in Plesk

Plesk provides multiple methods for installing SSL certificates on your domains. This guide covers installing purchased SSL certificates, using Lets Encrypt free SSL, and managing SSL settings.

Method 1: Installing a Purchased SSL Certificate

If you purchased an SSL certificate from {{COMPANY_NAME}} or another Certificate Authority:

Step 1: Gather Your Certificate Files

You will need:

  • SSL Certificate (.crt file) — Your domains certificate
  • Private Key (.key file) — Generated when you created the CSR
  • CA Bundle / Intermediate Certificate (.ca-bundle or chain file) — Provided by the CA

Step 2: Install in Plesk

  1. Log in to your Plesk control panel
  2. Go to Websites & Domains
  3. Click on the domain you want to secure
  4. Click SSL/TLS Certificates
  5. Click Add SSL/TLS Certificate (or Manage if one exists)
  6. Enter a name for the certificate (e.g., "MyDomain 2026")
  7. Under Upload certificate files, paste or upload:

- Certificate (\*.crt): Paste your certificate content

- Private key (\*.key): Paste your private key

- CA certificate (\*-ca.crt): Paste the CA bundle/intermediate certificate

  1. Click Upload Certificate

Step 3: Assign the Certificate to Your Domain

  1. Go to Websites & Domains > select your domain
  2. Click Hosting & DNS > Hosting Settings (or Hosting)
  3. Under Security, check SSL/TLS support
  4. Select the certificate you just installed from the dropdown
  5. Click OK or Apply

Tip: Always install the CA bundle (intermediate certificate). Without it, some browsers and mobile devices will show SSL warnings even though the certificate is valid.

Method 2: Lets Encrypt Free SSL

Plesk includes built-in Lets Encrypt integration for free, auto-renewing SSL certificates.

Installing Lets Encrypt

  1. Go to Websites & Domains > select your domain
  2. Click SSL/TLS Certificates
  3. Click Install under the Lets Encrypt section (or click Get it free)
  4. Configure the certificate:

- Email address: Your contact email for expiry notifications

- Include www: Check to secure both example.com and www.example.com

- Secure webmail: Check if you use Plesk webmail

- Wildcard certificate: Check if you need *.example.com (requires DNS validation)

  1. Click Install or Get it free
  2. Lets Encrypt validates your domain automatically (via HTTP challenge)
  3. The certificate is installed and assigned automatically

Tip: Lets Encrypt certificates are valid for 90 days but Plesk auto-renews them 30 days before expiry. No manual intervention is needed.

Lets Encrypt Wildcard Certificates

For wildcard certificates via Lets Encrypt:

  1. Select the Wildcard option during installation
  2. Plesk will prompt you to add a DNS TXT record for validation
  3. If your DNS is managed in Plesk, this is done automatically
  4. If DNS is external, you must add the TXT record manually and click Reload

Method 3: Self-Signed Certificate

Self-signed certificates are not trusted by browsers but can be useful for development or internal sites.

  1. Go to SSL/TLS Certificates
  2. Click Add SSL/TLS Certificate
  3. Fill in the certificate details (domain, organization, location)
  4. Click Self-Signed to generate
  5. Assign to the domain via Hosting Settings

Tip: Self-signed certificates will show browser warnings. Only use them for development or internal purposes.

Verifying Your SSL Installation

After installation:

  1. Visit your website using https:// in the browser
  2. Click the padlock icon in the address bar
  3. Check the certificate details (issuer, validity dates, domain name)
  4. Use an online SSL checker tool (e.g., SSL Labs) for a detailed report

Managing Multiple Certificates

Plesk allows you to have multiple certificates installed and switch between them:

  1. Go to SSL/TLS Certificates for the domain
  2. View all installed certificates
  3. The active certificate is highlighted
  4. To switch, go to Hosting Settings and select a different certificate
  5. Remove old or expired certificates to keep the list clean

Troubleshooting

  • "Certificate does not match the private key" error: The private key must be the same one used to generate the CSR. If you lost the key, reissue the certificate with a new CSR.
  • Lets Encrypt installation fails: Ensure the domain resolves to the servers IP address. Lets Encrypt validation requires HTTP access on port 80.
  • Mixed content warnings: Your site loads some resources over HTTP. Update image, script, and CSS URLs to use HTTPS or protocol-relative URLs.
  • Certificate not trusted: Missing CA bundle/intermediate certificate. Install the complete certificate chain.
  • Wildcard Lets Encrypt fails: DNS validation may not be automatic if DNS is managed externally. Add the TXT record manually.
  • SSL not working after installation: Ensure SSL/TLS support is enabled in Hosting Settings and the correct certificate is selected.

Related Articles

Need help installing SSL in Plesk? Contact {{COMPANY_NAME}} support at {{SUPPORT_EMAIL}} or open a ticket at {{SUPPORT_URL}}.

Need Help?
New TicketTrack TicketKnowledge BaseContact Us