Question Securing Plesk at hostname and each domain name with SSL

[zigojacko]

I'll give a typical scenario:-

Plesk on a server being used to host multiple customers (subscriptions)...

Hostname is like: server-id.myhosting.com

I have the Let's Encrypt SSL certificate securing Plesk at server-id.myhosting.com but then Plesk flags as unsecure when accessed via any of the customer's domains, e.g:

domain1.com:8443
domain2.com:8443
domain3.com:8443

What is needed to secure Plesk at the domains as well as at the hostname?

Most of the domains do have an SSL certificate for their website as well. Should their own SSL certificate be covering Plesk access via their domain or is it possible with Let's Encrypt?

Or do I have to set up something with the DNS records?

 

[Martin Dias]

The panel should be accessed over the hostname normally as sw-cp-server is not using SNI

 

[zigojacko]

The panel should be accessed over the hostname normally as sw-cp-server is not using SNI

That's the case for us as system administrators but what if clients want to access their control panel on their domain name? Like domain.com:8443 ?

 

[Martin Dias]

You should provide them with the correct URL to use

 

[zigojacko]

You should provide them with the correct URL to use

Um... I am !?

It's pretty common for a business to access their control panel on their own domain name.

 

[Martin Dias]

Alternatively, you could add a subdomain with the Plesk Onyx solution here:

How to make Plesk interface accessible over a hostname/domain without entering the port number

Applicable to: Plesk for Linux Plesk for Windows Question How to make Plesk interface accessible over a hostname without entering the port number? For example, https://server.example.com. Answer...

support.plesk.com

 

[zigojacko]

Alternatively, you could add a subdomain with the Plesk Onyx solution here:

How to make Plesk interface accessible over a hostname/domain without entering the port number

Applicable to: Plesk for Linux Plesk for Windows Question How to make Plesk interface accessible over a hostname without entering the port number? For example, https://server.example.com. Answer...

support.plesk.com

That's not what I am trying to do - I think you miss the point of my post.

Plesk can be access over https fine at the hostname - I was just wanting to know if it's possible for subscribers to access Plesk at their own domain names using the Let's Encrypt SSL certificate.

 

[Martin Dias]

Well, I did not miss the point, I started to provide you alternatives because it is not possible to use the LE from the domains with the Panel, this due as stated before:

The panel should be accessed over the hostname normally as sw-cp-server is not using SNI

So only solutions that I am aware for now:

• Multi Domain SSL that included all the domains (not recommended as quite expensive normally)
• Provide the correct URL to admin area
• Subdomains with the proxy rules

 

[zigojacko]

Okay, thanks for your help - this is what I wanted to know, what my options were.

 

[learning_curve]

@zigojacko Further to the 1st item mentioned here:

So only solutions that I am aware for now:
Multi Domain SSL that included all the domains (not recommended as quite expensive normally)
Provide the correct URL to admin area
Subdomains with the proxy rules

Actually, it is possible to do this for free / avoid any cost (apart from the expense of your own time that's taken to do it). How, is covered in an older post (THIS ONE) which you were involved with, but to be specific, it's covered in Post #9 i.e. by using an external to Plesk tool plus there's a link in there to an even older thread, with an actual example of this (albeit for a different reason, but one which will still work in Obsidian, with no problems) In the end, it's really down to how many domains you need this provision for, versus the extra work needed from you, to provide it...

 

[zigojacko]

@zigojacko Further to the 1st item mentioned here: Actually, it is possible to do this for free / avoid any cost (apart from the expense of your own time that's taken to do it). How, is covered in an older post (THIS ONE) which you were involved with, but to be specific, it's covered in Post #9 i.e. by using an external to Plesk tool plus there's a link in there to an even older thread, with an actual example of this (albeit for a different reason, but one which will still work in Obsidian, with no problems) In the end, it's really down to how many domains you need this provision for, versus the extra work needed from you, to provide it...

The version of Plesk is Obsidian (latest version available) - this issue still happens for me regardless of version. Most of our servers are running Obsidian.

For one domain (subscription) in Plesk, we need to secure the website, mail and access to Plesk via the domain on port 8443.

That's it.

 

[learning_curve]

The version of Plesk is Obsidian (latest version available) - this issue still happens for me regardless of version. Most of our servers are running Obsidian.

Yep, we run the same (forum signature) The alternative solution posted works absolutely fine on the latest Obsidian release

For one domain (subscription) in Plesk, we need to secure the website, mail and access to Plesk via the domain on port 8443.

Yep, for use on only 1 domain or on multiple domains, it will work - if the config is made correctly. The forward thought for the correct conifg is required before you start to use use the non-plesk application i.e. THIS (acme.sh) in order to provide the certificate(s). You can DM message if you want to explore this possibility further.

 

[zigojacko]

Yep, we run the same (forum signature) The alternative solution posted works absolutely fine on the latest Obsidian release
Yep, for use on only 1 domain or on multiple domains, it will work - if the config is made correctly. The forward thought for the correct conifg is required before you start to use use the non-plesk application i.e. THIS (acme.sh) in order to provide the certificate(s). You can DM message if you want to explore this possibility further.

I will DM you as I haven't got a clue what you just said.