Instructions

Plesk 10.3 and higher supports SNI. This allows multiple SSL Certificates to be installed on a shared IP address. For more information, please see: How can I host multiple sites on a single IP address?

1. Log into the Plesk Server Administrator Panel, see Figure 1:

   
   Figure 1: Server Administration Panel

2. From the left-menu, click on Tools & Utilities, see Figure 2.

   
   Figure 2.

3. Click on SSL Certificates, see Figure 3.

   
   Figure 3.

4. Click on Add SSL Certificate, see Figure 4.

   
   Figure 4.

5. Specify the certificate properties:
   • Certificate name. This will help you identify this certificate in the repository.
   • Your location and organization name. The values you enter should not exceed the length of 64 symbols.
   • Domain name. The domain name for which you want to purchase an SSL certificate. This should be a fully qualified domain name. For this example, we use: dv-example.com.
   • Email. The website administrator's e-mail address.

   Double-check to ensure that all the provided information is correct and accurate, as it will be used to generate your private key.

6. Click the Request button. Your private key and certificate signing request will be generated and stored in the repository.
7. In the list of certificates, click the name of the certificate you just created. A page showing the certificate properties opens.
8. Locate the CSR section on the page, and copy the text that starts with the line -----BEGIN CERTIFICATE REQUEST----- and ends with the line -----END CERTIFICATE REQUEST----- to the clipboard.
9. Submit your CSR to your third-party certifying authority. Fill out any information they require. When you fill in the server type, select Apache or Apache OpenSSL, whichever is available.
   • Verisign - choose Apache
   • Thawte - choose Apache_OpenSSL
   • GeoTrust - choose Apache + Open SSL

   It may take a few days for the certifying authority to process your request. If you have questions about the status of your request, please contact your third-party vendor.

10. Obtain your certificate, and any required chain certificates, from your certifying authority. You may be prompted to download something called a bundle. Do so, unzip it if necessary, and open it. You will likely have one certificate and three chain certificates inside. You can open these files in a text editor, such as Notepad or TextEdit, for easy copying and pasting. Chain certificates are also called CA certificates. Import your certificate and any chain certificates.
11. Return to the SSL certificates repository (Tools & Settings > SSL Certificates). Upload the SSL certificate: Click Browse in the middle of the page and navigate to the location of the saved certificate.
12. Select it, and then click Send File. This will upload and install the certificate against the corresponding private key.
13. Return to the SSL Certificates repository (Tools & Settings > SSL Certificates).
14. Next, we need to assign the certificate to the IP address. Click on Tools & Utilities and click on IP Addresses.
15. From the SSL Certificate drop-down menu, select the certificate you installed and click on the OK button.

Every SSL certificate needs to be on its own IP address. If you need only one certificate on your server, you are welcome to replace the default Plesk certificate with your new purchased certificate, and you will not need a new IP. However, if you do not want to replace the existing certificate on your current IP address, you will need to purchase a new IP for your server ($1.00 per month). Please get the new IP and update the domain before proceeding.

Instructions

1. Generate your CSR (certificate request).
   1. Log into Plesk.
   2. Depending on where you want to upload the certificate, click on Server,

      

      OR

      Click on Domains, then on your domain.

      

      Both options will work just as well, but if you add it under the domain, that domain has to be the only one on the IP address, and the IP address has to be set to Exclusive. If you add it under the Server section, you can have multiple domains on the IP, and the new certificate will apply to all of them (particularly useful if you have a wildcard certificate).

   3. Click on Certificates.

      

   4. Click Add New Certificate.

      

   5. Fill in the form details, then click Request.

      

      • Certificate name: The name you will use in Plesk to reference this certificate. Must be different from your other certificates.
      • Bits: 2048 if your certificate vendor supports it.
      • Country: Your country. This section and the next three will auto-fill with your Plesk information.
      • State or province: Your state or province.
      • Location (City): Your city.
      • Organization name (company): Your company.
      • Organization department/division name: Optional. Your department.
      • Domain name: This is the domain or subdomain for which you want the certificate. Some common examples: example.com, www.example.com, store.example.com. Note that you MUST use this same domain or subdomain on your site for the certificate to work properly.
      • E-mail: The email address that you want to receive correspondence regarding this certificate.

      TIP:

      If you're not sure what to put in any of these fields, contact your certificate vendor - they will be the ones verifying your company details before they generate your certificate.

   6. You will be returned to the main Certificates page.
   7. Click on the certificate you just generated.

      

   8. Scroll down. You'll see your CSR and Private key. Copy the chunk of text for the CSR, including the beginning and ending lines, into the form your certificate vendor supplies.

      

      If you need to access the CSR again, please follow steps a-c and g above.

2. Submit your CSR to your third-party certifying authority. Fill out any information they require. When you fill in the server type, select Apache or Apache OpenSSL, whichever is available.
   • Verisign - choose Apache
   • Thawte - choose Apache_OpenSSL
   • GeoTrust - choose Apache + Open SSL

   If you need to access the CSR again, follow steps a-c and g above, then scroll down to the CSR.

   • It may take a few days for the certifying authority to process your request. If you have questions about the status of your request, please contact your third-party vendor.
3. Obtain your certificate, and any required chain certificates, from your certifying authority. You may be prompted to download something called a bundle. Do so, unzip it if necessary, and open it. You will likely have one certificate and three chain certificates inside. You can open these files in a text editor, such as Notepad or TextEdit, for easy copying and pasting.
   • Chain certificates are also called CA certificates.
4. Import your certificate and any chain certificates.
   1. Log into Plesk.
   2. Depending on where you originally generated the CSR, click on Server,

      

      OR

      Click on Domains, then on your domain.

      

      Both options will work just as well, but if you add it under the domain, that domain has to be the only one on the IP address. If you add it under the Server section, you can have multiple domains on the IP, and the new certificate will apply to all of them (particularly useful if you have a wildcard certificate).

   3. Click on Certificates.

      

   4. On your computer, open your SSL certificate with a plain text editor. See Step 3 for details.
   5. Copy the certificate from the text editor and paste it into the Certificate field in Plesk. Copy the entire thing, including the beginning and ending lines.

      

   6. If you have any chain certificates, or CA certificates, paste those into the CA certificate field, one after the other. Again, include the beginning and ending lines for each chain certificate.
   7. Click Send Text at the bottom.
   8. Alternately, you can upload the certificate and any CA certificates using the Browse buttons. The files have to be plain text. When you're done, click Send File.

      

5. If you uploaded the certificate to the Server section, you will now need to assign the certificate to your IP address. You will also need to make sure SSL support is enabled for your domain, which is covered in the next step. Skip to the next step if you uploaded the certificate under the Domains section.
   1. Click on Server on the left.

      

   2. Click on IP Addresses.

      

   3. Click on the IP address for this domain.

      

   4. Select your new certificate from the SSL Certificate dropdown, then click OK.

      

6. Make sure your domain has SSL support enabled. Also, if you uploaded the certificate to your domain, you will now need to select that certificate for the domain.
   1. Click on Domains on the left.

      

   2. Click on Setup.

      

   3. Make sure SSL support is enabled, under Preferences. Also, decide whether you want to allow the server to display the contents of the httpdocs directory over https://. If so, select Use a single directory for housing SSL and non-SSL content. If not, leave it unchecked.

      

   4. Select your new certificate from the Certificate dropdown menu.

      

   5. If the certificate isn't there, you'll need to make sure this is the only domain on the IP address, and that the IP address is set to Exclusive.
      • Follow steps a-b in the previous section, then look at the IP address. Does it show the number 1 in the Hosting column on the far right? Is it set to Exclusive?

      

      • If the answer is no for either of these, you will either need to juggle your domains so that this domain can use this IP exclusively, or you should re-upload the certificate in the Server section instead. Just start at Step 4 again, except you will copy the certificate, any CA certificates, and the private key from the domain section of the server.
7. Your site is now encrypted by an SSL certificate. You must visit your site over https:// to see the effects. Make sure you use the exact domain or subdomain for which you purchased the certificate.