Updated Mar 9, 2020 for Plesk Obsidian’s Certificate Management Changes. Originally written in 2016.
Haven’t you heard? SSL certificates aren’t just for eCommerce anymore. Everyone needs encryption now since browsers provide insecure notices when they don’t exist and Google is using it as an SEO ranking indicator.
But historically SSL certificates have been costly. Enter: Let’s Encrypt. A free SSL provider with a massive amount of industry support.
IMPORTANT: if your site is not yet live with us, this will not work. Let’s Encrypt uses HTTP validation to confirm you actually have access to your website. Since you’re installing Let’s Encrypt using Plesk, this validation is able to be done automatically for you, however it also means that your site must be live (DNS updated and working) prior to enabling Let’s Encrypt. There is no way around this, however if your domain isn’t yet live with us, the following steps will ensure your Let’s Encrypt certificate will apply very quickly after you make it live:
- When ready, make your DNS changes to point the domain to us.
- Wait a few minutes *. Then flush Google DNS for the domain here
- Use the steps below to install Let’s Encrypt
* Flushing the Google DNS cache works because Let’s Encrypt currently uses Google DNS for its lookups. Sometimes the DNS takes a bit longer to process (especially when its hosted with a not-so-good DNS provider), so you might have to wait 10-15 minutes or longer. Just be sure you don’t keep trying over and over as Let’s Encrypt only allows 4-5 failures before they institute a 60 minute cooling-down period (for the whole server!) If it doesn’t work after a few minutes, wait 10 more. If it doesn’t work after that, wait 30 more, etc,
Begin by logging in to Plesk
Once in Plesk, find the domain that you wish to secure in the list. If you don’t see a list of domains, click “Websites & Domains” in the upper left corner.Once you’ve found your domain settings, you may need to click the “SHOW MORE” link. It’s found roughly below the “Mail” or “Databases” icon. This provides you with a bunch more configuration options for your domain. Complete the following steps for your version of Plesk. NOTE: for all of our shared servers, follow the Obsidian instructions.
For Plesk Obsidian or newer (Plesk Docs):
- Click on “SSL/TLS Certificates”
- Click Get it free under “Entry-level protection”.
- Specify the email address that will be used for urgent notices and lost key recovery.
- Select what you want to secure in addition to the main domain: If you have the www subdomain, select the “Include a “www” subdomain for the domain. If you have domain aliases, make absolutely sure they are pointing to your hosting and live, then select them to add them to the certificate as well. If any of your aliases or subdomains are not live, do not select them or your certificate will not be successfully issued.
- If you are presented with the option to secure webmail, make sure not to enable it. Our webmail config redirects to a central system that does not require your SSL certificate.
- It’s very rare that you will need to enable the wildcard option. Unless you know you have a specific use-case for it, we recommend not using that function.
- Click Get it free.
For Plesk Onyx:
- Look for “Let’s Encrypt” and click on it to proceed.
- Enter your preferred email address (typically your tech contact)
- Include the www for your domain if it’s *not* being installed on a subdomain
- Click Install.
You’ve now got an SSL certificate!
Plesk automatically generates the CSR, sends it to Let’s Encrypt, retreives the certificate, installs it, then activates it for the domain.
Plesk Onyx Video Walkthrough
- Now that you’ve got the cert, you may wish to force SSL to be active across your entire website.
- If you’re using a web application like WordPress, you may also find you need to adjust some of your image resources, or use a plugin to forcefully change all resource links to HTTPS. Here’s how!
Any questions or feedback? Leave them in the comments.