Haven’t you heard? SSL certificates aren’t just for eCommerce anymore. Everyone needs encryption now since browsers provide insecure notices when they don’t exist and Google is using it as an SEO ranking indicator.

But historically SSL certificates have been costly. Enter: Let’s Encrypt. A free SSL provider with a massive amount of industry support.

Not sure if you need a commercial certificate? Free Let’s Encrypt certificates are the best option for most use-cases as they’re really simple to install and cover end-to-end encryption for website visitors. However in select cases, like an online store, you may wish to use a commercial certificate instead. Read more on how to select an SSL certificate here.

Let’s Encrypt uses HTTP validation to confirm you actually own, or at least have access to your website. Since you’re installing Let’s Encrypt using Plesk, this validation is able to be done automatically for you, however it also means that your site must be live (DNS updated and working) prior to enabling Let’s Encrypt.

IMPORTANT: if your site is not live on the server where you’re activating Let’s Encrypt, the installation will fail. There is no way around this: the website must be live on the same server where you’re installing the certificate.

If your domain isn’t yet live with us, but you wish to make it live now, the following steps will ensure your Let’s Encrypt certificate will apply as soon after you make it live as possible.

1) Make your DNS changes to point the domain to us.

2) Wait 45 minutes. Then flush Google DNS for the domain here

Flushing the Google DNS cache works because Let’s Encrypt currently uses Google DNS for its lookups. If the 45 minute wait wasn’t enough, the install will fail again. Be sure you don’t keep trying over and over as Let’s Encrypt only allows 4-5 failures before they institute a 60 minute cooling-down period (for the whole server!) If it doesn’t work after 60 minutes, wait 30 more. If it doesn’t work after that, wait 30 more and try again. It shouldn’t take longer than 2 hours.

3) Use the steps below to install your Let’s Encrypt SSL certificate


Begin by logging in to Plesk

Once in Plesk, find the domain that you wish to secure in the list. If you don’t see a list of domains, click “Websites & Domains” in the upper left corner.Once you’ve found your domain settings, you may need to click the “SHOW MORE” link. It’s found roughly below the “Mail” or “Databases” icon. This provides you with a bunch more configuration options for your domain. Complete the following steps for your version of Plesk. NOTE: for all of our shared servers, follow the Obsidian instructions.

For Plesk Obsidian or newer (Plesk Docs):

  1. Click on “SSL/TLS Certificates”
  2. Click Get it free under “Entry-level protection”.
  3. Specify the email address that will be used for urgent notices and lost key recovery.
  4. Select what you want to secure in addition to the main domain: If you have the www subdomain, select the “Include a “www” subdomain for the domain. If you have domain aliases, make absolutely sure they are pointing to your hosting and live, then select them to add them to the certificate as well. If any of your aliases or subdomains are not live, do not select them or your certificate will not be successfully issued.
  5. If you are presented with the option to secure webmail, make sure not to enable it. Our webmail config redirects to a central system that does not require your SSL certificate.
  6. It’s very rare that you will need to enable the wildcard option. Unless you know you have a specific use-case for it, we recommend not using that function.
  7. Click Get it free.

You’ve now got an SSL certificate!

Plesk automatically generates the CSR, sends it to Let’s Encrypt, retreives the certificate, installs it, then activates it for the domain.

Finishing Touches

A video walkthrough for the older version of Plesk Onyx can be found here.

Any questions or feedback? Leave them in the comments.

Updated Mar 9, 2020 for Plesk Obsidian’s Certificate Management Changes. Originally written in 2016.

About Allen Pooley

Allen is a self professed geek and technology lover. He's always playing with one of his various websites, and loves helping customers with theirs. He can often be found with a coffee (light roast, please) in his hand and a smile on his face... or with a plate of bacon. Mmm, bacon.

6 Comments

  1. Emily McE on March 2, 2018 at 5:59 pm

    I’ve been told that Let’s Encrypt is only worthwhile with Autorenewal. Does Websavers do Autorenewal on Let’s Encrypt? Thank you!

    • Jordan Schelew on March 2, 2018 at 6:01 pm

      That’s very true… manually renewing every three months would suck! Yes, our control panel Plesk will automatically handle renewals for you 🙂

  2. C on March 24, 2017 at 10:38 am

    I have completed the above instructions and want to force SSL to be active; however, when I go to the Host Settings to activate “Permanent SEO-safe 301 redirect from HTTP to HTTPS”, I am unable to select the check box.

    • Allen Pooley on March 24, 2017 at 10:41 am

      Hi Corey,

      Looks like our Helium Plan permissions were behind the times with what’s needed for this with Plesk Onyx; it’s been fixed up and you should now be able to select that.

      Cheers
      Allen

  3. John Ainsworth on December 29, 2016 at 9:41 pm

    Websavers hosts our website.
    Network solutions manages our domain name, we have 4.
    We do not presently have an SSL certificate.
    Our website has one page that viewers can ask a question only.
    What is the ideal SSL certificate requirment for our site?
    What has to be provided to Network Solutions?
    What is the cost?
    Regards.

    • Jordan Schelew on December 29, 2016 at 9:44 pm

      Hey John,

      If there’s no eCommerce transactions, I’d go with Let’s Encrypt. It’s enabled within Plesk with a single click on the Let’s Encrypt button. Nothing needs to be done with Network Solutions and it’s completely free 🙂

      -Jordan

Leave a Comment