Plesk: How To Maintain Let’s Encrypt SSL Certificates

Let’s Encrypt is a free, automated, and open certificate authority from the Internet Security Research Group (ISRG). It enables anyone to install a free trusted SSL certificate on their website and benefit from the enhanced security an encrypted connection provides. Unlike a self-signed SSL certificate, which also is free and secure (but not verified), a Let’s Encrypt certificate is recognized as fully verified and will display the padlock icon in the address bar of modern browsers.

Beginning with version 12.5, Plesk provides access to both a plugin which interfaces with the Let’s Encrypt CLI client and an extension for use within Plesk. Please note that Plesk’s support for Let’s Encrypt applies to some Linux distributions as well as Windows, and while these instructions may also apply to a Linux server running CentOS 6 or higher, additional configuration beyond the scope of this article may be necessary.

Pre-Flight Check

• This article is specifically intended for enabling the Let’s Encrypt extension in Plesk 12.5 on a Windows server.
• You will need to log into Plesk as an Administrator. In this tutorial, we’re using Plesk’s Power User view, but instructions for the Service Provider view are included alongside each step.
• The domain name on which you want to install a Let’s Encrypt SSL certificate must resolve in a browser (even if it has no content). You won’t be able to obtain a Let’s Encrypt on a domain name that does not pass validation.
• If you prefer to use a standard paid SSL certificate, you may refer to our article Windows: How to Generate a CSR and Install an SSL in Plesk.

Step #1: Enable the Let’s Encrypt Extension

1. Log into Plesk as an Administrator and click on the Extensions menu item, then click the Extensions Catalog button.
   If you’re using the Service Provider view, Extensions is under the Server Management menu item.
2. In the Extensions Catalog, click the Install button next to Let’s Encrypt to install the extension:
3. Once the extension has installed successfully, you will be returned to the main Extensions page, where you’ll see Let’s Encrypt listed:

Step #2: Install the Let’s Encrypt SSL Certificate on Your Domain

1. Click the Websites & Domains item in Plesk’s main menu, and click on the Let’s Encrypt menu item:
   If you’re using the Service Provider view, Domains is listed under the Hosting Services menu item. You’ll need to click on the domain name to access the screen below.

   

2. Enter a valid email address in the field and check the box next to Include www … if you want the SSL certificate to cover the domain both with and without the “www” prefix, and then click the Install button.
   Note: If you do not check the Include www … box, then your certificate will be valid only for yourdomain.com. If you do check the box, both yourdomain.com and www.yourdomain.com will be covered.

   

3. Once installed, you will be returned to the previous page where a success message will let you know the process is completed.If the process was not successful, check that the domain name you entered is valid. The domain name you entered in the Let’s Encrypt request form must:
   • be spelled correctly.
   • be registered and active.
   • resolve in a browser.

   If you have just created or added the domain to your server, make sure that you also have added the appropriate DNS records (an A record pointing to your server IP, at a minimum), and give any recent DNS changes time to propagate.

4. From the Websites & Domains menu page, click on the Hosting Settings link for your domain and ensure that the SSL support box is checked under the Section, and that the Let’s Encrypt SSL certificate is selected as shown below:
   If you’re using the Service Provider view, Domains is listed under the Hosting Services menu item. You’ll need to click on the domain name, then Hosting Settings.

   

Step #3: Renewing Your Let’s Encrypt SSL Certificate in Plesk

Plesk’s Let’s Encrypt extension makes renewals easy. As long as you generated and installed the SSL certificate using the extension as outlined above, Plesk will automatically renew the certificates with no further action on your part.

By default, Let’s Encrypt SSL certificates are valid for 90 days, but Plesk will automatically renew them once a month as recommended by Let’s Encrypt’s developers. The shorter renewal period helps guarantee your security and the process should be completely transparent to you and your site’s visitors. As a bonus, should a renewal attempt fail for any reason, you won’t run the risk of having to race the clock while troubleshooting the failure.

Should you ever need to renew a certificate manually, you can do that from the domain’s Let’s Encrypt menu item under Websites & Domains; the Install button text will change to read Renew if a certificate is already installed.