• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx

  • We are developing a new feature in Plesk that will help you promote your websites or business on social media. We want to conduct a one-hour online UX test to present the prototype and collect feedback. If you are interested in the feature, please book a meeting via this link.
    Thank you in advance!
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved how to install SSL certificate of CloudFlare ?

tomer628

Basic Pleskian
hi.

i using Cloudflare and they have free SSL certificate to domains..
so i want to install the certificate, but they have PEM or DER or PKCS#7 format.
and i dont know how to install it via Plesk Onyx

how can i do that ?

regards,
Tomer.
 
digicert want me to pay them..
i have free from CloudFlare..

i didn't understand how to install the cloudflare certificate via Plesk
 
Hi tomer628,

pls. read and FOLLOW the links in the above mentioned articles, as for example:

Obtain private key and origin certificate pair

After => completing the steps to generate the private key and origin certificate, <= download both in the format described within the link below. Typically this format will either be PEM, DER, or PKCS#7.

The clouflare - articles are really well written and describe the EXACT ways you have to go, to reach your goal! ;) while the articles from digicert describe the possible ways to insert the certificates on servers with the corresponding hosting software ( so pls. just consider these to be references, how you may continue within Plesk, but use the certificates from cloudflare! ;) )
 
Hi tomer628,

pls. read and FOLLOW the links in the above mentioned articles, as for example:



The clouflare - articles are really well written and describe the EXACT ways you have to go, to reach your goal! ;) while the articles from digicert describe the possible ways to insert the certificates on servers with the corresponding hosting software ( so pls. just consider these to be references, how you may continue within Plesk, but use the certificates from cloudflare! ;) )
but i need to do via SSH if i use Cloudflare insruction:
https://support.cloudflare.com/hc/en-us/articles/217472077
 
Hi tomer628,

as you already know by now and as you already saw in the example - image from digicert, you DON'T have to insert/add the downloaded keys/certificates over the SSH-Command... you have Plesk and a very comfortable GUI ( again, pls. see the digicert - example - image ). ;)
 
I found if it's an existing site with Cloudflare the domain needs to be disabled then enabled again.

You'll see that the certificate starts initializing, once that's complete ssl will work.
 
This is a pretty old thread but I've had the same issue so putting this here for future reference.

I agree, the instructions aren't entirely clear on the CloudFlare website as of writing. I found the following method works:
  1. In CloudFlare under the SSL/TLS heading for the site you want to secure click on the "Origin Server" sub tab link.
    Screenshot 2021-01-27 at 18.22.39.png
  2. Click on Create Certificate if you haven't already.
  3. Save the Origin Certificate and Private Key on your computer - we will need the contents of these shortly.

    IMPORTANT: I found that I couldn't view the private key again once I'd closed the pop-up so if you don't save it then, as far as I can tell, you need to remove and create a new one.

    ALSO IMPORTANT: Cloudflare tells you to save the certificate a PEM file - THIS IS FINE.
    Be aware though that in Plesk it asks for a .CRT file. There might be a difference, I'm not going to claim to know what it is, but for our purposes it doesn't matter.


  4. Go to your Plesk and login.
  5. "Websites & Domains" should be the first thing you get loaded up. You should be able to see the website in a table. If it's not expanded, expand it.
  6. Here you should see a small preview window and some more options under tabs. You should be seeing "Dashboard", "Hosting & DNS", and "Mail".
    With the "Dashboard" tab selected, look for the Security heading. The first option I have is SSL/TLS Certificates. Click this.Screenshot 2021-01-27 at 18.23.53.png
  7. This should take you to the SSL/TLS Certificate for YOURDOMAINHERE.com. On the right of the page there should be an "Advanced settings" link/button (sorry going from memory for this point). This should take you to a page where you can upload ONLY a certificate and there is an empty table below. Don't upload here. Click on the button "Add SSL/TLD Certificate".
    Screenshot 2021-01-27 at 18.27.12.png

  8. This should load a new page with various settings. Along the top of the page you have a breadcrumb with Websites & Domains > YOURDOMAINHERE.com > SSL/TLS Certificates >
    The page title of Add SSL/TLS Certificate and the first text box on the page asking for "Certificate name". It is required but doesn't matter what you name it. I called mine the same as my domain. In the settings everything was filled in, if yours isn't just fill in the text boxes.
  9. The next heading on the page is "Upload the certificate files" skip this and go to the "Upload the certificate as text" heading.
    Screenshot 2021-01-27 at 18.05.54.png

    This is what we want.
  10. Copy and paste your .key file to the Private key (*.key) box.
  11. Copy and past your .pem file to the Certificate (*.crt) box.
  12. Finally we need something for the CA Certificate. Cloudflare support site there is an article named "Managing Cloudflare Origin CA certificates". Near the end of the article is the option step 4 "(Optional) Step 4 - Add Cloudflare Origin CA root certificates". Expand the RSA Root and copy the certificate, go back to your Plesk and paste it into the CA-certificate (*-ca.crt) text box on your Plesk (the third one down).
  13. Click the "Upload Certificate" button.
  14. Back on the "Upload a certificate here" page, you should now see something in that table. You can tick to select it, and click the "Secure Webmail" button (note "Secure Mail" won't work with this).
  15. Nearly done, go back to the Websites & Domains page, click on the Hosting & DNS tab from the website. Click "Hosting Settings".Screenshot 2021-01-27 at 18.16.52.png
  16. On the Hosting settings page look for the "Security" heading. There should be a dropdown menu for Certificate. Under which you should see the newly created certificate (it's named whatever you called it on the other page) (along with "Default Certificate" and "Not selected").
    Click on the certificate you created.
    Scroll to the bottom of the page and press "Apply".
  17. If you've done everything right (hopefully these instructions were clear) then it should now be working! If you have nothing on your server then you may be seeing the default Plesk page. If wrong, then you might be seeing the Cloudflare page.
  18. Check your webmail.YOURDOMAIN.com to make sure that's working too.
Hope this helps
 
This is a pretty old thread but I've had the same issue so putting this here for future reference.

I agree, the instructions aren't entirely clear on the CloudFlare website as of writing. I found the following method works:
  1. In CloudFlare under the SSL/TLS heading for the site you want to secure click on the "Origin Server" sub tab link.
    View attachment 18270
  2. Click on Create Certificate if you haven't already.
  3. Save the Origin Certificate and Private Key on your computer - we will need the contents of these shortly.

    IMPORTANT: I found that I couldn't view the private key again once I'd closed the pop-up so if you don't save it then, as far as I can tell, you need to remove and create a new one.

    ALSO IMPORTANT: Cloudflare tells you to save the certificate a PEM file - THIS IS FINE.
    Be aware though that in Plesk it asks for a .CRT file. There might be a difference, I'm not going to claim to know what it is, but for our purposes it doesn't matter.


  4. Go to your Plesk and login.
  5. "Websites & Domains" should be the first thing you get loaded up. You should be able to see the website in a table. If it's not expanded, expand it.
  6. Here you should see a small preview window and some more options under tabs. You should be seeing "Dashboard", "Hosting & DNS", and "Mail".
    With the "Dashboard" tab selected, look for the Security heading. The first option I have is SSL/TLS Certificates. Click this.View attachment 18271
  7. This should take you to the SSL/TLS Certificate for YOURDOMAINHERE.com. On the right of the page there should be an "Advanced settings" link/button (sorry going from memory for this point). This should take you to a page where you can upload ONLY a certificate and there is an empty table below. Don't upload here. Click on the button "Add SSL/TLD Certificate".
    View attachment 18272
  8. This should load a new page with various settings. Along the top of the page you have a breadcrumb with Websites & Domains > YOURDOMAINHERE.com > SSL/TLS Certificates >
    The page title of Add SSL/TLS Certificate and the first text box on the page asking for "Certificate name". It is required but doesn't matter what you name it. I called mine the same as my domain. In the settings everything was filled in, if yours isn't just fill in the text boxes.
  9. The next heading on the page is "Upload the certificate files" skip this and go to the "Upload the certificate as text" heading.
    View attachment 18268

    This is what we want.
  10. Copy and paste your .key file to the Private key (*.key) box.
  11. Copy and past your .pem file to the Certificate (*.crt) box.
  12. Finally we need something for the CA Certificate. Cloudflare support site there is an article named "Managing Cloudflare Origin CA certificates". Near the end of the article is the option step 4 "(Optional) Step 4 - Add Cloudflare Origin CA root certificates". Expand the RSA Root and copy the certificate, go back to your Plesk and paste it into the CA-certificate (*-ca.crt) text box on your Plesk (the third one down).
  13. Click the "Upload Certificate" button.
  14. Back on the "Upload a certificate here" page, you should now see something in that table. You can tick to select it, and click the "Secure Webmail" button (note "Secure Mail" won't work with this).
  15. Nearly done, go back to the Websites & Domains page, click on the Hosting & DNS tab from the website. Click "Hosting Settings".View attachment 18269
  16. On the Hosting settings page look for the "Security" heading. There should be a dropdown menu for Certificate. Under which you should see the newly created certificate (it's named whatever you called it on the other page) (along with "Default Certificate" and "Not selected").
    Click on the certificate you created.
    Scroll to the bottom of the page and press "Apply".
  17. If you've done everything right (hopefully these instructions were clear) then it should now be working! If you have nothing on your server then you may be seeing the default Plesk page. If wrong, then you might be seeing the Cloudflare page.
  18. Check your webmail.YOURDOMAIN.com to make sure that's working too.
Hope this helps

Thanks a lot for the istructions.
I have followed up your instructions, but i get “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” error on my site.

Any idea the what can the reason for this issue ?
 
This is a pretty old thread but I've had the same issue so putting this here for future reference.

I agree, the instructions aren't entirely clear on the CloudFlare website as of writing. I found the following method works:
  1. In CloudFlare under the SSL/TLS heading for the site you want to secure click on the "Origin Server" sub tab link.
    View attachment 18270
  2. Click on Create Certificate if you haven't already.
  3. Save the Origin Certificate and Private Key on your computer - we will need the contents of these shortly.

    IMPORTANT: I found that I couldn't view the private key again once I'd closed the pop-up so if you don't save it then, as far as I can tell, you need to remove and create a new one.

    ALSO IMPORTANT: Cloudflare tells you to save the certificate a PEM file - THIS IS FINE.
    Be aware though that in Plesk it asks for a .CRT file. There might be a difference, I'm not going to claim to know what it is, but for our purposes it doesn't matter.


  4. Go to your Plesk and login.
  5. "Websites & Domains" should be the first thing you get loaded up. You should be able to see the website in a table. If it's not expanded, expand it.
  6. Here you should see a small preview window and some more options under tabs. You should be seeing "Dashboard", "Hosting & DNS", and "Mail".
    With the "Dashboard" tab selected, look for the Security heading. The first option I have is SSL/TLS Certificates. Click this.View attachment 18271
  7. This should take you to the SSL/TLS Certificate for YOURDOMAINHERE.com. On the right of the page there should be an "Advanced settings" link/button (sorry going from memory for this point). This should take you to a page where you can upload ONLY a certificate and there is an empty table below. Don't upload here. Click on the button "Add SSL/TLD Certificate".
    View attachment 18272
  8. This should load a new page with various settings. Along the top of the page you have a breadcrumb with Websites & Domains > YOURDOMAINHERE.com > SSL/TLS Certificates >
    The page title of Add SSL/TLS Certificate and the first text box on the page asking for "Certificate name". It is required but doesn't matter what you name it. I called mine the same as my domain. In the settings everything was filled in, if yours isn't just fill in the text boxes.
  9. The next heading on the page is "Upload the certificate files" skip this and go to the "Upload the certificate as text" heading.
    View attachment 18268

    This is what we want.
  10. Copy and paste your .key file to the Private key (*.key) box.
  11. Copy and past your .pem file to the Certificate (*.crt) box.
  12. Finally we need something for the CA Certificate. Cloudflare support site there is an article named "Managing Cloudflare Origin CA certificates". Near the end of the article is the option step 4 "(Optional) Step 4 - Add Cloudflare Origin CA root certificates". Expand the RSA Root and copy the certificate, go back to your Plesk and paste it into the CA-certificate (*-ca.crt) text box on your Plesk (the third one down).
  13. Click the "Upload Certificate" button.
  14. Back on the "Upload a certificate here" page, you should now see something in that table. You can tick to select it, and click the "Secure Webmail" button (note "Secure Mail" won't work with this).
  15. Nearly done, go back to the Websites & Domains page, click on the Hosting & DNS tab from the website. Click "Hosting Settings".View attachment 18269
  16. On the Hosting settings page look for the "Security" heading. There should be a dropdown menu for Certificate. Under which you should see the newly created certificate (it's named whatever you called it on the other page) (along with "Default Certificate" and "Not selected").
    Click on the certificate you created.
    Scroll to the bottom of the page and press "Apply".
  17. If you've done everything right (hopefully these instructions were clear) then it should now be working! If you have nothing on your server then you may be seeing the default Plesk page. If wrong, then you might be seeing the Cloudflare page.
  18. Check your webmail.YOURDOMAIN.com to make sure that's working too.
Hope this helps
Thanks a lot.
 
This is a pretty old thread but I've had the same issue so putting this here for future reference.

I agree, the instructions aren't entirely clear on the CloudFlare website as of writing. I found the following method works:
  1. In CloudFlare under the SSL/TLS heading for the site you want to secure click on the "Origin Server" sub tab link.
    View attachment 18270
  2. Click on Create Certificate if you haven't already.
  3. Save the Origin Certificate and Private Key on your computer - we will need the contents of these shortly.

    IMPORTANT: I found that I couldn't view the private key again once I'd closed the pop-up so if you don't save it then, as far as I can tell, you need to remove and create a new one.

    ALSO IMPORTANT: Cloudflare tells you to save the certificate a PEM file - THIS IS FINE.
    Be aware though that in Plesk it asks for a .CRT file. There might be a difference, I'm not going to claim to know what it is, but for our purposes it doesn't matter.


  4. Go to your Plesk and login.
  5. "Websites & Domains" should be the first thing you get loaded up. You should be able to see the website in a table. If it's not expanded, expand it.
  6. Here you should see a small preview window and some more options under tabs. You should be seeing "Dashboard", "Hosting & DNS", and "Mail".
    With the "Dashboard" tab selected, look for the Security heading. The first option I have is SSL/TLS Certificates. Click this.View attachment 18271
  7. This should take you to the SSL/TLS Certificate for YOURDOMAINHERE.com. On the right of the page there should be an "Advanced settings" link/button (sorry going from memory for this point). This should take you to a page where you can upload ONLY a certificate and there is an empty table below. Don't upload here. Click on the button "Add SSL/TLD Certificate".
    View attachment 18272
  8. This should load a new page with various settings. Along the top of the page you have a breadcrumb with Websites & Domains > YOURDOMAINHERE.com > SSL/TLS Certificates >
    The page title of Add SSL/TLS Certificate and the first text box on the page asking for "Certificate name". It is required but doesn't matter what you name it. I called mine the same as my domain. In the settings everything was filled in, if yours isn't just fill in the text boxes.
  9. The next heading on the page is "Upload the certificate files" skip this and go to the "Upload the certificate as text" heading.
    View attachment 18268

    This is what we want.
  10. Copy and paste your .key file to the Private key (*.key) box.
  11. Copy and past your .pem file to the Certificate (*.crt) box.
  12. Finally we need something for the CA Certificate. Cloudflare support site there is an article named "Managing Cloudflare Origin CA certificates". Near the end of the article is the option step 4 "(Optional) Step 4 - Add Cloudflare Origin CA root certificates". Expand the RSA Root and copy the certificate, go back to your Plesk and paste it into the CA-certificate (*-ca.crt) text box on your Plesk (the third one down).
  13. Click the "Upload Certificate" button.
  14. Back on the "Upload a certificate here" page, you should now see something in that table. You can tick to select it, and click the "Secure Webmail" button (note "Secure Mail" won't work with this).
  15. Nearly done, go back to the Websites & Domains page, click on the Hosting & DNS tab from the website. Click "Hosting Settings".View attachment 18269
  16. On the Hosting settings page look for the "Security" heading. There should be a dropdown menu for Certificate. Under which you should see the newly created certificate (it's named whatever you called it on the other page) (along with "Default Certificate" and "Not selected").
    Click on the certificate you created.
    Scroll to the bottom of the page and press "Apply".
  17. If you've done everything right (hopefully these instructions were clear) then it should now be working! If you have nothing on your server then you may be seeing the default Plesk page. If wrong, then you might be seeing the Cloudflare page.
  18. Check your webmail.YOURDOMAIN.com to make sure that's working too.
Hope this helps
I have went through this quite a few times, but I seem to be getting issues, whenever I run through it I just get: 1643933500488.png

But when I run this through whynopadlock.com:
Everything is showing as working.
1643933643951.png
 
Back
Top