Resolved How to renew default SSL certificate without adding new one

[Hiren]

Hello

Let me brief you guys about the problem, on one of our plesk server we have around 30 websites which is using default SSL certificate. Recently that certificate is expired. I know how to add a new certificate for any particular domain but i want to use only one certificate for all 30 domains so that maintenance will be easy.

So can you please help me to figure our how can i renew that default certificate which expired so that it is automatically taken into account by all that 30 domains or is there a way to add new certificate and make that default plus it should be applied to all existing domains which using "default" certificate.

Thank you for reading

Looking forward to hear from you to help me out

 

[IgorG]

Look at this thread - https://talk.plesk.com/threads/renew-plesk-panel-ssl-self-signed-certificate.338262
I hope it will help.

 

[lvalics]

If I understand it right, you want to order for 30 domains one single certificate and use that for all domains.
What I can suggest in this case is to use a MultiDomain certificate like: https://www.namecheap.com/security/ssl-certificates/comodo/positivessl-multi-domain.aspx (could be also other provider)
You order for 3-4-5-6-7-n domain and you can add anytime new domain to it. In this way you have one certificate.
Now still remain the question how you setup in PLESK, but as I forsee (without try out) you add the same certificate to each domain you need it. In theory should work. Each year on renewal you change in one place and then I think you need to assign it to each domain or you write a small bash script to do this.
Hope this help.

LATER EDIT: Missed the default certificate, so will not work, but I still leave this message if someone will need it.

 

[Hiren]

Thanks IgorG, that link look like a solution let me give it a try.

Thank you for your suggestion Ivalics, but right now my client want to use only self-signed certificates.

 

[Hiren]

Hello @IgorG

As per the link https://kb.plesk.com/en/1736 you had shared if i add a new certificate the old one should be renamed to httpsd.pem.sav but there is no update in
"/usr/local/psa/admin/conf/httpsd.pem" file or "/usr/local/psa/admin/conf/" directory. I think there is some confusion or i don't understand it at all. Please help me out

 

[IgorG]

If you have Ubuntu or Debian server with Plesk installed, check path /opt/psa/admin/conf/

 

[Hiren]

/opt/psa/admin/conf/ directory does not exist, and it is cantos 6.6 no idea about distribution

 

[IgorG]

Are you sure that plesk is installed on this server?
What is output of command

# plesk version

?

 

[Hiren]

Product version: 12.5.30 Update #37
Update date: 2016/06/16 03:29
Build date: 2016/06/08 10:00
OS version: CentOS 6.6

 

[IgorG]

And what is output of commands from step 2 of mentioned KB article:

# cd /usr/local/psa/admin/conf/
# mv httpsd.pem{,.old}

?

 

[Hiren]

Sorry for late reply, I had not tried that i am afraid if it breaks something else. Anyway if you think it is worth trying than let me know ill try after backing up that file

 

[Hiren]

Hello

i had tried second step, and for sure certificate is created and old one is backed up, but still there is no effect on domains that are using default certificate so either this is not default certificate or the certificate used by domains is not default. But since in hosting settings of each domains SSL support is enabled and no certificate is selected i think it is only default that they are using, please have a look at snap.

 

[Linulex]

why don't you install the Let's Encrypt extention and give each website its own valid certificate? You can even secure plesk itself with it.

self singed certs are sooo 2015 ...

else the procedure is:

- go to plesk --> Tools & settings --> ssl certificates
- add a new self signed cert
- select and click: "make default"
- select and click: "secure plesk" (if you want this cert also for plesk itself)

- go to plesk --> Tools & settings --> IP adresses
- klick the ip adres you want to have this cert
- select the cert from the list and save

- copie /usr/local/psa/admin/conf/httpsd.pem to /etc/httpd/conf/httpd.pem

- restart psa
- restart httpd (apache)

done.

regards
Jan

 

[Hiren]

Thanks @Linulex

I followed your steps

- go to plesk --> Tools & settings --> ssl certificates
- add a new self signed cert
- select and click: "make default"
- select and click: "secure plesk" (if you want this cert also for plesk itself)

- go to plesk --> Tools & settings --> IP adresses
- klick the ip adres you want to have this cert
- select the cert from the list and save


And it's working now, i did not even have to do steps below

- copie /usr/local/psa/admin/conf/httpsd.pem to /etc/httpd/conf/httpd.pem

- restart psa
- restart httpd (apache)

I think something wrong with my server, server had not even directory "/usr/local/psa/admin/conf/". But good thing is that i had checked some domains and the certificate seems renewed now. Let me know if not having directory "/usr/local/psa/admin/conf/" is ok, so that i can be sure about the changes i did and mark this thread as solved.

 

[Inuya5ha]

A button to renewing the LetsEncrypt Plesk certificate would be great, instead we now have to manually add a new certificate and delete the old one. Also we will loose valid SSL until these steps are performed.