• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question How do I restore an SSL Certificate on a different server?

Kroptokin

Regular Pleskian
Server operating system version
AlmaLinux 9.3 (Shamrock Pampas Cat)
Plesk version and microupdate number
Plesk Obsidian Version 18.0.58 Update #1
I had to rebuild my Plesk system from scratch. I need to re-install a purchased SSL Certificate. I have all the bits - CSR, private key and all the issued bits. But I can't figure out how I can fully restore the Certificate including the CSR part. I can add the private key, crt and root certificate by doing 'Create New SSL' - but with this setup I get warnings about the SSL identity missing and the web site is unstable. This must be possible - otherwise how could you (manually) move a Certificate to a new server - but how?
 
There does not appear to be a way to do this through the interface. The only solution I can see is to go back to the provider and reissue the certificate. In my case both providers I use allow this. Luckily. (But it seems that this means there is in fact no point keeping your private key and CSR safe in case you lose your server because there is no way - via Plesk - to correctly reinstall the Certificate).

I would like to be wrong but it looks like this is an omission since the text on the UI clearly envisages doing just what I am trying to do - move a certificate from one server to another. It is just that it doesn't let you add the CSR and without that you get warnings in the server logs.
 
A CSR (= certificate signing request) is only needed to send the information you'd like to have signed to the trust center. Once you have the certificate there is no reason why you'd still need to have the signing request. You only need the certificate and the private key to use the certificate.
 
Hi Peter

Thanks. Once I had recreated my SSL based just on the Private Key file and the Certificate, by choosing Add New SSL and filling in what I had in the boxes, I was getting errors in the Apache logs:

AH01909: domain.com:443:0 server certificate does NOT include an ID which matches the server

I thought this was due to a missing CSR. But it seems it may be a different issue. (I was recreating the SSL on a subdomain - the error was in the parent domain error logs.). So - I am willing to believe what you say.

Nonetheless if anyone wants to recreate the SSL and use the CSR they can follow these steps. Incidentally, this has the advantage that it automatically selected the uploaded Certificate for the selected SSL Certificate in the Hosting section, (though not for subdomains with a wildcard Certificate).


The steps I did were as follows:

Dashboard
SSL/TLS Certificate
Reissue Certificate
Upload a file with a .pem extension which contains: the original CSR, the Private Key, the Certificate and the Root Certificate

So - this seems to be one way to do it.

So - thanks a lot for your advice.
 
Back
Top