• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

SSL Certificate for Plesk and IP issue

R

Rocky@

Guest
Scenario:
My server's main IP is 123.123.123.123
So my Plesk entry is on IP 123.123.123.123:8443
I have host.mydomain.com as hostname
So, obviously the hostname is nested on the domain mydomain.com
Mydomain.com is hosted on the main IP 123.123.123.123
As the result my entry to Plesk is, or shows, https://host.mydomain.com:8443

Problem:
I ordered a starterSSL for mydomain.com, thinking that by applying the certificate to mydomain.com I can automatically certify the Plesk entry, which uses the same IP, and the hostname that is related to mydomain.com

It didn't work so I sent a ticket to my datacenter that sold me Plesk, and support it. Support came as that I could not use the certificate for mydomain.com if it is hosted on the main IP, and that I must host mydomain.com on an additional IP if I wanted to apply the certificate on this domain.

OK. I am a little confused here. If I host mydomain.com on an additional IP, how could that cover the Plesk entry on a different IP?

But, I went ahead and put mydomain.com on an additional IP. Now, the certificate works only on www.mydomain.com. Not even mydomain.com, and definitly not the Plesk entry.

Ultimately, I would like to know, how you guys apply SSL certificate on Plesk, so that the customers won't see that security warning when accessing Plesk.

Hope someone can help.

Sam
 
I've been wondering about this for about a year now. So far I've found no way around it. I think it has to do with the 8443 port but I'm not sure.


Anyone have a solution or are we SOL?

-poke
 
Ok, this was some what very hard for me to do as well and the information from ______ was not all that helpful but it got me thinking so it was info in the right place. So i'll break it down like this for everyone looking to use their main domain along with plesk and have plesk be able to use your SSL.

First make sure you goto the server link in plesk and then goto IP Pool click on the main IP that you use for your server and set the server cert to the default cert. This is very important in order to start the processe of setting up your real cert attached to your ded ip for the box/server.

Next, If you have a cert that was set up in domains >>certificates you'll want to remove the cert and this should be able to be done now that you sent the cert for your main ip to the default cert.

Click on the server link to the left in the plesk menu and then goto Certificates button and click on it. No matter what you do you'll need to generate a new csr & key to send in to the company you ordered your SSL cert from this way they can generate you an new SSL cert for the area you need it in cause the one you made if you made one under Domains >>Certificates will not work.

Now once you have the info and certs back from your SSL cert provider you want to go back to server >>certificates and then click on the certificate you newly generated the csr/key for and then scroll down to where you can browse to add the certificate and the CA files. Now load the files and once you're done doing that you'll want to go back to servers >>IP Pool and select your main IP and use the drop down menu to select your new cert which will be whatever you named it when you generated the new csr / key files.

once you set the cert to the main IP you should have a crown next to the left of the IP. Now this is important cause you're not done yet you need to go back to server >>Certificates and check the box next to your certificate and set it as the default cert after that make sure the box is checked still and select setup <----Careful make sure you read and do what it says while it's trying to set your certificate. after all that you should be done.


I know this is shabby but i'm typing this fast cause i have little time. so, Recap.

1. Make sure you have no certificates listed under Domains >>Certificates that is for your Domain and the Main IP to the box / server.

2 Your certificate for the box / server is gonna be placed at the Server >>Certificates area NOT the domains >> certificates area.

3. Make sure you set the main IP to the box / Server to the default certificates in the Server >>IP Pool area.

4. Make sure you send in your NEW csr file to the SSL cert provider make make sure it's generated from step 1 area.

5. Once added make sure you set the IP to the new certificate and then go back and make sure you use setup after you set the cert as default notice i said default.


Well i'm not proof reading this but if you have any questions or you need help and don't understand you can post here and i'll try to help you.

My Plesk Versions: 7.5.3 Reloaded for *nix RHel3
Sitebuilder Version for plesk: 1.1.1

BTW the port has nothing to do with it. If your SSL cert works for say www.mydomain.com then it'll work for www.mydomain.com:8443 as long as you try to follow my directions as sloppy as they are but should get you where you need to be. This works only for plesk so don't say if thats so how come it doesn't work for webmin or any other stand alone server software cause I only know it works for plesk.


- Mark
 
:D I feel like an idiot! That explains it perfectly. Thanks for taking the time to write that out!

-poke
 
Thanks for the solution. I am surprised that even the guys at the datacenter couldn't help.

I combined this with the setting for admin.domain.com redirection to :8443, as posted by "garan" found in the following link.

http://forum.sw-soft.com/showthread.php?s=&postid=105986#post105986

I would like to go one more step. That is to set up a dns template on Plesk so that when a new domain name is created it would have a dns entry for admin.newdomain.com redirecting to admin.domain.com which goes to the entry to Plesk with SSL setup above.

I think I should use CName, but when I tried that with a live site, it doesn't work.

admin.livesite.com CName admin.domain.com

Do I have to wait for it to resolve, or do I need to create a subdomain admin.livesite.com for it to work?

Thanks for the help!

Sam

---------------Edited---------------

OK now it is working. I guess it needed the time to resolve.
 
Does this propagate through plesk.

Hey Guys and Gals...

Thanks for the excellent and informative tutorial Mark. Well worth searching for.

I have a couple of questions which i'm not sure are related or not but here goes.

1) Does the default ssl certificate propagate (for a word) through plesk?

I would expect if this is the default cert then all the https folders under our main shared ip, which is the default ip, and hosts all our domains would be able to use this cert. Is that correct or am I wishful and/or dreaming ;)

2) Also, on another side note once the default cert is loaded with the correct ssl cert (as opposed to the swsoft cert) can we share that IP again or does it have to remain exclusive?

Cheers,
Maarten
 
2) Also, on another side note once the default cert is loaded with the correct ssl cert (as opposed to the swsoft cert) can we share that IP again or does it have to remain exclusive?


>I'm too high to answer your other questions, but i do know that the IP must remain exclusive.
 
Originally posted by poke
2) Also, on another side note once the default cert is loaded with the correct ssl cert (as opposed to the swsoft cert) can we share that IP again or does it have to remain exclusive?

I also have a similar question.

I know, in Plesk, that you can still use those IP's to host other sites, except those sites will not display a valid SSL certificate.

But, what confused me was, then what does exclusive IP really mean, since you can still assign it to other sites? Is it just merely a mark to tell yourself that you have assigned that IP to someone and want to give that person exclusive use?
 
SSL certificates are tied to a domain which resolves to an IP, or they can be tied to an IP address directly [however, if you do that, then you can't move the cert to another server with another IP address].

SSL certificates for one fully qualified domain name and IP address pair will not be valid for another FQDN/IP pair. Needing SSL certificates for multiple domains on one server is one of the few valid reasons for getting multiple IP addresses for a server, under the ARIN Justification rules,
 
Back
Top