Article ID: 1736, created on Mar 7, 2007, last review on Jun 26, 2016

  • Applies to:
  • Plesk for Linux/Unix
  • Plesk 12.5 for Windows

Question

When Plesk or another site is opened via HTTPS, a warning is displayed regarding an expired certificate.

How do you renew this certificate?

Answer

Please note that installations of Plesk 7.x, 8.x, and 9.x are compatible with Offline Management of Virtual Automation Power Panel and connections to port 8443 can be served by services on the Hardware Node. If this is the case (the URL contains "/vz/cp/"), follow the steps described in this Knowledgebase article: How do I install an SSL certificate for Power Panel or Virtual Automation Management Node?.

There are no special Plesk certificates provided by Odin. The default SSL certificate you used for Plesk is a self-signed certificate, which is generated once during your Plesk installation. The presence of this SSL certificate is required for SSL connections.

This is a default certificate shown in the server certificate repository at Server -> Certificates (for Plesk 7.5, 8.x) and at Settings -> SSL Certificates (for Plesk 9.x).

You can create your own self-signed certificate on the Certificates page, or purchase a real certificate from one of the certificate authorities.

To create a new self-signed SSL certificate, log into Plesk as an administrator, go to the Certificates page, and create the new certificate.

For Plesk version 7.x, 8.x:

Server -> Certificates -> Add New Certificate

For Plesk version 9.x:

Settings -> SSL Certificates -> Add SSL Certificate

For Plesk version 10.x:

Tools & Utilities -> SSL Certificates -> Add SSL Certificate

For Plesk version 11.x

Tools & Settings -> SSL Certificates -> Add SSL Certificate

For Plesk version 12.x

Tools & Settings -> SSL Certificates -> Add

Fill in the required preferences and click the button Self-Signed.

A new self-signed SSL certificate will be created in the server certificate repository:

# ls -la /usr/local/psa/admin/conf/httpsd.pem
-r-------- 1 root root 3089 Sep 23 12:50 /usr/local/psa/admin/conf/httpsd.pem

The old one will be renamed as httpsd.pem.sav

# ls -la /usr/local/psa/admin/conf/httpsd.pem.sav
-r-------- 1 root root 3046 Sep  5 01:23 /usr/local/psa/admin/conf/httpsd.pem.sav

To assign this SSL certificate for securing your Plesk installation, check the newly-enabled SSL certificate in the list and click on Secure the panel if you have Plesk 8.2 or later. In older Plesk versions, click Install.

You can also use HTTP mode to access the Plesk interface: navigate to http://hostname:8880 and follow the same instructions as above.

Renewal is also possible through SSH:

To assign SSL certificate for default Plesk IP address use the following command:

# /usr/local/psa/bin/certificate -ac "Certificate" -admin example.com -ip <YOUR PLESK IP>

Note: example.com should be changed to your valid domain name.

For additional information refer to http://docs.plesk.com/en-US/12.5/cli-linux/using-command-line-utilities/certificate-ssl-certificates.39009/

OR

  1. Connect to the Plesk server under root

  2. Go to the certificate directory and rename it:

    # cd /usr/local/psa/admin/conf/
    # mv httpsd.pem{,.old}
    
  3. Create a new certificate with the same name:

    # openssl req -new -nodes -x509 -out httpsd.pem -newkey rsa:2048 -keyout httpsd.pem -days 3650
    

    Fill out all the required fields.

    In this case, a PEM type certificate will be created, valid for 10 years with a private part without a password and 2048 bit key length.

  4. Restart sw-cp-server:

    # service sw-cp-server restart
    

See the Plesk documentation for more information on how to set up self-signed certificates.

After you have created or uploaded a new certificate into Plesk and wish to use it for domains, you should set it for every IP you need.

This can be done at Server -> IP Addresses -> "Choose IP" by selecting the required certificate in the "SSL Certificate" drop-down menu.

NOTE: The browser will still warn you that the certificate is not from a trusted source since you created a self-signed certificate. In order to get rid of this warning, it is necessary to buy a certificate from an authorized certificate seller.

Search Words

SSL site expired

ssl certificat doesnt work

secure connection failed

default ssl certificate

SSL Certificate

problem replacing shared certificate

new SSL certificate cannot be selected / used by panel

ssl cert not applying

secure connection failed when trying to login to panel

install a new self signed certificate

ssl connection

SSL for 8443 port

ssl certificate

invalid security certificate

secure plesk connections

fail to apply ssl to plesk cp

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.

Syntax error on line 55

56797cefb1efc9130f7c48a7d1db0f0c a914db3fdc7a53ddcfd1b2db8f5a1b9c 29d1e90fd304f01e6420fbe60f66f838 dbd9c930a53370cd4abd5c7ff1b5f55c 6311ae17c1ee52b36e68aaf4ad066387 8b661cab116c79dbe6c4ac5bbdf1c8cb 85a92ca67f2200d36506862eaa6ed6b8 a766cea0c28e23e978fa78ef81918ab8

Email subscription for changes to this article
Save as PDF