Resolved Secure Plesk with an SSL/TLS certificate

[LordLiverpool]

Hello Plesk,

When I goto to my server I'm greeted by the Chrome certificate error screen.


Upon logging in Security Advisor tells me to secure my server with an SSL certificate.


But when I try to install the LetsEncrypt certificate on my AWS Lightsail Server.


I get an error message to say my domain is probably blacklisted.


Is there a workaround for this? Should I contact LetsEncrypt or am I wasting my time?

Thanks in advance.

 

[IgorG]

Yes, you are correct - the problem is on LE side. Possible solutions you can find in this KB article: Cannot issue Let's Encrypt certificate in Plesk: Error creating new authz :: Policy forbids issuing for name

 

[LordLiverpool]

@IgorG Thanks for replying.

1. I followed your link to Cannot issue Let's Encrypt certificate in Plesk: Error creating new authz :: Policy forbids issuing for name
2. Which lead me to  How to secure a Plesk hostname on port 8443 with an SSL certificate (Let's Encrypt / other certificate authorities)
3. Step 5 said Note: The hostname/domain name must be resolved to a public IP address of the Plesk server from the Internet.
4. When I looked up my servers name on MxToolBox it resolved to a different IP address.
5. I tried installing the certificate anyway, but no surprises it was refused.

Is there a workaround to this?

The attached images tell a better story.

Thanks very much.

 

[IgorG]

As you can see there are different IPs. Is IPs 34.256.xxx and 18.203.xxx belongs to the same server? Why there are different IPs?

 

[LordLiverpool]

I don't know why?!? Sorry.

I understand that my Plesk Server needs a static IP address to resolve the DNS for the websites hosted on it.
I had to explicitly ask for a static IP address and I'm billed monthly by AWS for the privilege.

I was expecting its name ec2-xxx-xxx-xxx-xxx.eu-west-1.compute.amazonaws.com to resolve to IPs 34.256.xxx ?!?
What am I misunderstanding here?

(see image attached)

Thanks very much.

 

[LordLiverpool]

I'll open a thread with LetsEncrypt and see what they say and report back here.

Thanks.

 

[LordLiverpool]

I opened a thread and found a solution.

Thread Here:

Could not issue a Let's Encrypt SSL/TLS certificate for AWS Lightsail Plesk Server

@_az Thanks for the heads-up on this. I will now rename my server to something more meaningful. Cheers.

community.letsencrypt.org

Solution Here:

How to secure a Plesk hostname on port 8443 with an SSL certificate (Let's Encrypt / other certificate authorities)

Applicable to: Plesk for Linux Plesk for Windows Question How to secure a Plesk hostname on port 8443 with an SSL certificate (Let's Encrypt / other certificate authorities)? Answer Securi...

support.plesk.com

Specifically this comment helped me understand what to do:

After assigning a Let’s Encrypt certificate to a subdomain just go to Tools & Settings > SSL/TLS Certificates

Find the option Certificate for securing Plesk and click on [Change] button right to it.

Choose the certificate assigned to subdomain and click OK .

Maybe Step4 of the instructions could be updated as it wasn't clear (to me) as to what to do.

OK so the answer was to use a Let's Encrypt certificate I had successfully issued to one of the domains hosted on my server.
And then use that certificate to secure my server (and the mail)



I used a domain that I owned rather than a client's domain.



So now I no longer access the server insecurely via its IP address i.e. http://xxx.xxx.xxx.xxx:8443
but instead securely like so: https://example.com:8443



See images attached.

Thanks very much.