• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved Correct SSL-Certificate for Plesk (Wildcard?)

Dukemaster

Dukemaster

Regular Pleskian
Hello Plesk friends,
please help me installing ssl-certificate for Plesk Server in the right way.
- Until yesterday I had a quick geotrust certificate for my domain xyz.com correctly installed and used in domain settings.
- Yesterday I wanted to use this cert to secure Plesk server. I deactivated it first, then deleted it from the webhosting settings, uploaded it in the Server Pool and selected it to secure plesk server. Successful by installation.
1. Problem. Then as I logged in Plesk Panel again, I got the normal insecure warning in firefox, the same like with the default plesk certificate by first-time-login. Then I always choose to remember my choice trusting the certificate.
2. Problem was, that I was not able to select this certificate also for the domain in webhosting setting. I got the message "Certificate is already used by server pool (or plesk server)".
I didn't selected it as "default certificate" in SSL Certificates - Tools & Settings, perhaps it was the big mistake?
I wondered about this, because it's dedicated to the xyz.domain. But I could use it only for plesk server or for the domain for which it is signed.
What can I do to get no warning and to have a trusted certificate for plesk server plus refering domain.

Most important question is:
Do I have also the same problem to secure Plesk Server when I choose a wildcard certificate? I know it might have to do with the problem of self-signed status.
Which kind of certicate do I need?
Important:
My provider offered me a cheap wildcard certificate. If I use the wildcard certificate, is it possible to secure the server and also the domain for which the cert is signed with the wildcard certificate or not?
They wrote on the providers page that it is possible to secure domains and explicitly a "SERVER".

Greets and happy weekend
 
Last edited:
Wildcard certificate: A certificate that secures a 2nd-level domain and all of its subdomains, e.g. *.mydomain.com secures www.mydomain.com, sales.mydomain.com, procurement.mydomain.com. Such a wildcard certificate will work with Plesk to secure the control panel and mail.

The other part of your question: I am unsure about that, because it sounds as if you want to use the same domain name for the Plesk control panel and a subscription. I do not recommend to do it that way. Your host should not be named the same as domains hosted on it.

A certificate that you install in and for the control panel and set it as "default" will automatically become available in subscriptions. For that reason it does not really make sense to add that same certificate to the subscription. You could simply choose the existing cert from the drop down list of available certificates in your subscription's hosting settings.
 
Hi Dukemaster,

consider to wait a few days, before you purchase a certificate. The Plesk - Team work to improve the "Plesk - Lets-Enccrypt extension" and plan to add the possibility to support domain aliases and subdomains. ;)

Source:
Ruslan Kosolapov said:
Support of domain aliases and subdomain already planned on the one of upcoming releases of Plesk Let's Encrypt Extension :)
Click to expand...
 
Thanks a lot again, @UFHH01 - Now I have the best solution ever.
For my real domain environment I don't need any subdomains, so for which reason I should buy any wildcards? Wasting hard money? Never!

Plesk with Letsencrypt is perfect, safe and cool.
For this reason I will also cancel my second IP.
By resolving all Plesk tipps especially your amazing help @UFHH01 here in forum helped me to get SSL grade A+ (380% of 400%) for all of my 8 TLD (domains), also for the 1 (host) server domain of my provider.

THANKS to all PLESK team members and developers
I paid nothing for this SSL grade A+.
And I always hated the bad business makers by creating billions of dollars in creating simple encryption keys in only 2 seconds in realtime. Only the calls to Letsencrypt CA-server cost the server a little piece of traffic, nothing more.
Creating money by doing less as nothing is the greatest problem in our present world, we will destroyed by the greed of getting rich. This is not my world with working hard for my money.
Lots of greets
 
Last edited:
Hi pandpan,

pandpan said:
Hows the ETA look right now for alias/wildcards/sub-domains support with Lets-Encrypt?
Click to expand...

There will never be a "wildcard" - support for Let's Encrypt - certificates. "Alias" and "Subdomain" - support is already existent.
 
Last edited by a moderator:
UFHH01 said:
Hi pandpan,



There will never be a "wildcard" - support for Let's Encrypt - certificates. "Alias" and "Subdomain" - support is already existent.
Click to expand...

Could I have a KB link to how to install LE's SSLs into a Subdomain? I'm in my plesk CP and I only see options to install an SSL to the single domain I have.

Many Thanks.
 
Hi pandpan,

actually, you could have found the official Plesk blog article for your request:

... which doesn't explain the "subdomain" - usage, but it is certainly the very same procedure, as for your main - domain and your alias domain(s) now.


Pls. don't forget to check your "Hosting settings management" for your subscription, because this is the option, which allows/denies the setting for:
Makes the following hosting parameters act as a preset: SSL/TLS support and support for programming and scripting languages, custom error documents, and web server settings.
Click to expand...


If you experience any issues here, pls. provide MORE informations ( Examples: screenshots? Ccommand output of "plesk bin subscription_settings --info YOUR-DOMAIN.COM" / "plesk bin subscription_settings --info SUB-DOMAIN-NAME.YOUR-DOMAIN.COM" / plesk bin service_plan --info "YOUR-SERVICE-PLAN-NAME" / plesk bin client_pref --info YOUR-CLIENT-NAME / ... ). Each (alias)/(sub)domain should have the option to use "Let's Encrypt", if you see the button

=> Plesk-Onyx_LE_button.png Let's Encrypt​

... in the MAIN - navigation at => HOME > Domains > SUB-DOMAIN-NAME.YOUR-DOMAIN.COM / YOUR-DOMAIN.COM / ALIAS-DOMAIN-NAME.COM
 
For securing plesk login page with lets encrypt
I have server at hetzner (ubuntu16.04 plesk17.5 updated to 17.8 now)
In plesk, I changed my hostname in server settings "myword.your-server.de"

Now, in ssl certificates, I used following as in plesk ssl settings and got this message.
Certificate for securing Plesk default certificate from server pool. [change]

My question is
how much time it takes for getting lock symbol on page?
your-server.de is hetzner's. I just gave hostname randomly like that.
I have 2 websites with domain names at godaddy.
Should I use one of the websites subdomain for hostname?
which is better to secure plesk login?
 
Last edited:
You must log in or register to reply here.

Similar threads

Hangover2
Forwarded to devs SSL It! breaks renewal and usage of Let's Encrypt wildcard certificates when subdomains are involved
2
Replies
26
Views
5K
Kaspar
K
HoracioS
Issue In version 18.0.57 #1, wildcard domains do not work correctly
Replies
3
Views
659
Peter Debik
P
Rendor9
Resolved I can't renew my plesk onyx interface SSL certificate.
Replies
4
Views
1K
Rendor9
Rendor9
CobraArbok
Question Even with certificate, webmail is not secure.
Replies
3
Views
207
CobraArbok
CobraArbok
D
Issue can only create webmail certificates
Replies
1
Views
354
deepnpisgah
D
Back
Top