How to install an SSL Certificate in Plesk

Things you will need

  • If you are a customer of Websavers, ensure you can log in successfully to the Websavers Client Centre.
  • If you are not hosting your website with us, then be sure you have Plesk access.

Part A: Generating your signing request

If you already have your SSL Certificate then you can skip to Part B to get it Installed and Activated.

This will guide you through the process of creating the special code called a Certificate Signing Request (CSR) that will be sent to your certifying authority (CA). The Certifying Authority is a fancy name for the company that issues the certificate, like Comodo or GeoTrust or Symantec. In most cases you’ll be getting that certificate from a reseller; this could be us or another company, although we can only provide support for the certificate if you buy from us.

  1. Login to Plesk. If you’re hosted with us, click here to learn how.
  2. Click the Websites & Domains tab
  3. Choose the “Secure your Sites” or “SSL Certificates” button
  4. Choose the “Add SSL Certificate” button. If you’re renewing a certificate, you’ll still need to add a new one — it’s not recommended to reuse the CSR from the previous certificate, which will likely appear in the list.
  5. Name the certificate. This can be named anything that you choose, however we suggest using something that helps identify the certificate in the likely event that you purchase additional certificates at a later date. For example, including the current date and domain name it will be used for is often helpful. E.g.: websavers.ca Dec 2013 – Dec 2015
  6. Make any needed adjustments to your contact information. This information will be embedded in the SSL Certificate and should be similar to your domain registration information. The email address should match that which you used to register the domain and must be accessible to you, otherwise you will not receive the certificate from your certificate provider. Falsified information is likely to be rejected by your SSL Certificate Provider.
  7. The Domain name field must be set to your domain name without the www. part. If you’re securing a subdomain, be sure to include the subdomain. If you’re setting up a wildcard certificate enter *.<your_domain>
  8. For now you can ignore anything below the “Settings” section — the remaining sections will be filled out after you receive your certificate.
  9. Click the “Request” button to have your CSR generated and Plesk will likely take you back to the list of certificates. If so, then click on the name of the certificate you just created to view it again. You can now review the CSR and Private Key. Save the Private Key in a safe location. Should anything occur with your server that the certificate must be re-entered you MUST have at least the Certificate and Private Key on hand to resupply, otherwise you will need to purchase a new certificate.
  10. If you have not yet purchased an SSL certificate, do so now. You can purchase an SSL certificate from us here. During the order process you will be asked to supply the CSR, which you can copy and paste from this location in Plesk. If you have already ordered a certificate from Websavers, then this is the time to “configure” the certificate. This can be done by choosing your certificate from the product listing in our Client Centre, then clicking the Configure button. You can also find the configuration link in our automated product configuration email.
  11. After you’ve submit the CSR to your Certifying Authority (CA), you will get one email requesting approval for the certificate. Follow the directions within to provide authorization. Once authorized, the CA will issue your certificate. This can take anywhere from a few minutes up to a week to complete depending on the type of certificate, please be patient!

Part B: Installing necessary certificates in Plesk

You will receive the Certificate from your SSL supplier by email, normally within 1-2 days. Cheaper certificates are typically emailed within an hour and more expensive ones (like EVSSL) can take up to a week or even longer to verify your company’s identity.

When you receive your SSL Certificate by email, the email should contain at least two attached files, your certificate, and a CA Bundle certificate file.

Inserting the Certificate and CA Certificate

  1. Login to Plesk. If you’re hosted with us, click here to learn how.
  2. Click the Websites & Domains tab
  3. Choose the “Secure your Sites” or “SSL Certificates” button
  4. Select the certificate you added in Part A from the list
  5. Use the “Upload the certificate files” option to select your certificate file and the CA Certificate/Bundle file from your computer. If you are copy/pasting the text rather than uploading the files, make sure to include the “—–BEGIN CERTIFICATE—–” and end parts. They are considered part of the certificate.
  6. Click the “OK” or “Upload Certificate” button.
Your certificate is now installed in Plesk!
If the Private Key does not match the Certificate then you will see an equivalently named error. You MUST have a matching Private Key and Certificate in order to use a Certificate, otherwise you must purchase a new certificate. If you provided a matching certificate and private key, you will be sent back to the list of certificates and all will be ready to go.

Part C: Applying your certificate to a domain

You now have the certificate saved to your hosting plan, however your domain is not yet configured to actually use it. Complete the following steps to tell your domain to make use of the certificate.

  1. If you’re not already logged in to Plesk, do so now. If you’re hosted with us, click here to learn how.
  2. Navigate to the “Websites & Domains” tab and choose either the “Web Hosting Settings” button or a link beside your domain that says “Hosting Settings”.
  3. Ensure the “Enable SSL Support” box is checked and in the dropdown below, select your new certificate. If there is no dropdown, it should automatically apply your certificate as it must be the only one in Plesk for the domain. Scroll down and click OK to apply the certificate to your domain.

You can now check that your certificate is installed by loading https://yourdomain.com. You may need to wait 1 minute, clear your browser cache, or refresh your browser a few times to force it to retrieve the new certificate.

Troubleshooting

This SSL Shopper tool is one of the best at determining whether a certificate is correctly installed along with its intermediate certificates. It will show you a graphic of each certificate along the chain that begins with your site’s certificate and jumps to each intermediate until it reaches the root. If there is a missing certificate or if they’re installed in the wrong order, this tool will tell you.

The SSL Shopper tool is showing me a broken link

This means that the CA Bundle that your issuer provided is not correctly linking your certificate to the root. If you did not purchase the certificate from us, you’ll need to ask your certificate provider for help with fixing this. If you did purchase the certificate from us, simply open a ticket indicating that you’ve completed this guide and that the SSL shopper tool is showing a broken link and we’ll get it fixed for you.

SSL Shopper says all is well, but I still don’t get a lock in my address bar

If the SSL Shopper tool is indicating the certificate is installed correctly but you’re not seeing the lock in your browser when visiting the secure URL this indicates that some resources are forcefully being loaded insecurely. In other words there’s one or more file that is loading with http rather than https because it’s hard coded to do that either in your theme or custom configuration.

To fix this you’ll need to use your browser’s web inspector tool to find the files not loading via https and adjust your website code to use either relative paths (ex: /myfile.php) or protocol agnostic URLs (ex: //websavers.ca/myfile.php rather than https://websavers.ca/myfile.php).

I want  my entire site to load using HTTPS

Check out our article on how to force https across your whole site here!

If you need a hand with any part of this process, ask an expert! Be sure to send us your domain, the type of SSL certificate you’re using and most importantly the step you’re having trouble with.

Jordan is a computer, security, and network systems expert and a lover of all things web and tech. Jordan consults with project management for software companies. Jordan is a founder and managing partner at Websavers Inc.

2 Comments

  1. Gabriele on March 10, 2014 at 9:40 am

    Hey, great article, very informative, however, just a few suggestions.

    1. There are a few different layout options to help organize Plesk, maybe a screen capture, or instructions to a particular layout would help illustrate where to click a bit better.

    2. If you already have an SSL certificate, but it’s expired, there is no “update” steps. You can update a certificate without deleting / re-creating it.

    3. If you are updating your certificate, make sure that in the apply section you include removing the SSL certificate from the Domain, and then re-applying it for the new certificate to be refreshed. I wasn’t able to get proper HTTPS verification from my Chrome browser until this step was completed.

    Just a few suggestions, great article, and service! Thanks for your help.



    • Jordan Schelew on March 10, 2014 at 4:11 pm

      Some responses to those suggestions:

      1. Yes indeed. One day when we have the time to do screen captures for all of these guides, we’ll get that done!
      2. I *think* there’s some very slim security problem with using the same CSR twice in a row, though it’s probably pretty unlikely to be an issue.
      3. Removing and adding a new one makes this type of problem not exist (it ensures it will always apply correctly) so I don’t think we should overcomplicate the instructions above (which are already pretty lengthy as is!) That said, it’s good to have here in the comments in case someone else decides to take that route on their own.

      Thanks for the ideas and comments!