How to Install SSL Certificate on Plesk

Introduction to Plesk SSL Installation

Plesk is one of the world's leading web hosting control panels, trusted by millions of server administrators on both Linux and Windows platforms. Its powerful SSL/TLS Certificates module makes securing websites straightforward, whether you're managing a single domain or hundreds of sites across multiple servers.

In this comprehensive guide, you'll learn the complete process of installing SSL certificates on Plesk—from generating a Certificate Signing Request (CSR) using our free CSR Generator tool to verifying your installation with our SSL Checker. We'll cover both Linux (Apache/Nginx) and Windows (IIS) servers, troubleshoot common errors, configure HTTPS redirects, and share best practices for ongoing SSL management.

Understanding how SSL works is fundamental to web security. SSL certificates encrypt connections between visitors' browsers and your server, protecting sensitive data like login credentials, payment information, and personal details. With Google using HTTPS as a ranking factor and browsers displaying "Not Secure" warnings, SSL is essential for every website.

Plesk supports multiple SSL certificate types including DV SSL certificates for quick validation, OV SSL certificates for business verification, and EV SSL certificates for maximum trust. This guide works with all Plesk versions including Obsidian and Onyx.

What You'll Need Before Starting

Before beginning the SSL installation process on Plesk, ensure you have these prerequisites ready:

Prerequisites Checklist

If you haven't purchased an SSL certificate yet, browse our SSL certificates to find the right option for your needs. We offer certificates from trusted CAs with prices starting at just $2.99/year.

Linux vs Windows: Key Differences

Step 1: Generate CSR Using My-SSL Tools

The first step in obtaining an SSL certificate is generating a Certificate Signing Request (CSR). While Plesk has a built-in CSR generator, we recommend using our free CSR Generator tool for better control and the ability to save your private key securely.

How to Generate a CSR

- For a standard certificate: example.com (automatically covers www.example.com)

- For a wildcard certificate: *.example.com

- For a subdomain: shop.example.com

- Organization Name: Your legal business name

- Organizational Unit: Department (e.g., "IT Department")

- City/Locality: Your city

- State/Province: Full state name (not abbreviated)

- Country: Two-letter country code (e.g., US, GB, DE)

- Email: Contact email for certificate management

Critical: Your private key is generated locally in your browser and never transmitted to any server. Store it securely—you'll need it during installation, and losing it means you'll need to regenerate the CSR and reissue your certificate.

For a complete walkthrough of all our tools, see our Complete Guide to Free SSL Certificate Tools.

Step 2: Order Your SSL Certificate

With your CSR ready, you can now order your SSL certificate. The type of certificate you choose depends on your website's needs:

Ordering Process

- Email validation (sent to admin@yourdomain.com)

- DNS validation (add a CNAME or TXT record)

- HTTP validation (upload a file to your server)

Your certificate package typically includes:

For detailed information on validation types, read our guide on SSL Certificate Types.

Step 3: Access Plesk SSL/TLS Settings

Now that you have your certificate files, it's time to install them in Plesk. The steps are similar for both Linux and Windows, with slight interface variations.

Navigating to SSL/TLS Certificates

- In Plesk Obsidian: Click directly on "SSL/TLS Certificates"

- In older versions: May be under "Hosting Settings" or "Security"

- Add SSL/TLS Certificate (upload new certificate)

- View existing certificates

- Manage Let's Encrypt certificates

- Configure certificate settings

For Windows IIS Servers

The interface is nearly identical on Windows Plesk. The main difference is the backend handling—Plesk automatically manages IIS bindings when you assign certificates.

Step 4: Add SSL Certificate in Plesk (Linux)

For Linux servers running Apache or Nginx, follow these steps to upload your SSL certificate.

Method 1: Upload Certificate Files

- Locate the "Private key" field

- Paste your entire private key including headers:

```

-----BEGIN RSA PRIVATE KEY-----

[Your private key content]

-----END RSA PRIVATE KEY-----

```

- Locate the "Certificate" field

- Paste your SSL certificate including headers:

```

-----BEGIN CERTIFICATE-----

[Your certificate content]

-----END CERTIFICATE-----

```

- Locate the "CA certificate" field

- Paste the complete intermediate/chain certificate

- This may contain multiple certificates—include all of them

Method 2: Upload Files Directly

Instead of pasting text, you can use the file upload option:

Important: Use our Key Matcher tool to verify your private key matches your certificate before uploading.

Step 5: Add SSL Certificate in Plesk (Windows/IIS)

For Windows servers running IIS, you have additional options including PFX/PKCS#12 import.

Method 1: Upload Certificate Files (Same as Linux)

Follow the same steps as the Linux installation—paste or upload your private key, certificate, and CA bundle.

Method 2: Import PFX/PKCS#12 File

If you have a .pfx file (common for Windows certificates):

Tip: If you need to convert between formats, use our Certificate Converter tool. It can convert PEM to PFX and vice versa for free.

Verifying Your Certificate Details

After uploading, use our Certificate Decoder tool to verify:

Step 6: Assign Certificate to Domain

After uploading, you need to assign the certificate to your domain's hosting.

For Both Linux and Windows

- Find "SSL/TLS support" or "Security" section

- You'll see a "Certificate" dropdown

- Permanent SEO-safe 301 redirect from HTTP to HTTPS: Enable this for automatic redirects

- HSTS (HTTP Strict Transport Security): Enable for enhanced security (optional)

What Happens Behind the Scenes

On Linux (Apache):

On Linux (Nginx):

On Windows (IIS):

Step 7: Verify Your SSL Installation

After installation, verify everything is working correctly on both Linux and Windows.

Verification Steps

- Issued to: Your domain name

- Issued by: Your Certificate Authority

- Valid dates: Current date within validity period

- Certificate chain validation

- Expiration date check

- Protocol support

- Common issues detection

Linux-Specific Verification

Check Apache/Nginx configuration:

# For Apache
apachectl -t
systemctl status apache2

# For Nginx
nginx -t
systemctl status nginx

Windows-Specific Verification

Configure HTTPS Redirect in Plesk

After installing SSL, redirect all HTTP traffic to HTTPS for security and SEO benefits.

Method 1: Plesk Built-in Option (Recommended)

This is the recommended method as Plesk handles it automatically for all web servers.

Method 2: .htaccess Redirect (Linux Apache)

For Apache servers, add to your .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Method 3: Nginx Directives (Linux Nginx)

In Plesk, go to your domain > Apache & nginx Settings > Additional nginx directives:

if ($scheme = http) {
    return 301 https://$host$request_uri;
}

Method 4: web.config (Windows IIS)

For IIS with URL Rewrite module, add to web.config:

<rule name="HTTP to HTTPS redirect" stopProcessing="true">
  <match url="(.*)" />
  <conditions>
    <add input="{HTTPS}" pattern="off" ignoreCase="true" />
  </conditions>
  <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>

Common Plesk SSL Errors & Troubleshooting

Even with careful installation, you may encounter errors. Here's how to resolve the most common issues on both platforms:

Error: "The certificate does not match the private key"

Cause: The private key doesn't correspond to the CSR that generated the certificate.

Solution:

- Generate a new CSR using our CSR Generator

- Request certificate reissuance from your CA

Error: "SSL handshake failed" or "Certificate not trusted"

Cause: Usually a missing or incorrect CA bundle.

Solution:

Use our Certificate Decoder to check certificate details.

Error: "Browser shows 'Not Secure' despite SSL"

Cause: Mixed content—your HTTPS page loads resources over HTTP.

Solution:

Linux-Specific Issues

Windows-Specific Issues

Certificate Not in Dropdown

If your certificate doesn't appear in the hosting settings dropdown:

Setting Up SSL Expiry Reminders

SSL certificates expire after 1-2 years. Avoid unexpected expiration with our free reminder service.

How to Set Up Reminders

You'll receive email notifications before your certificate expires, giving you time to renew and avoid security warnings.

Plesk Let's Encrypt vs Purchased SSL Certificates

Plesk includes a Let's Encrypt extension for free SSL certificates. Here's how it compares to purchased certificates:

When to Choose Purchased SSL

Learn more about choosing the right certificate in our SSL Certificate Types guide.

Installing Wildcard SSL on Plesk

Wildcard SSL certificates secure your main domain and all single-level subdomains (e.g., *.example.com covers shop.example.com, blog.example.com, etc.).

Wildcard Installation Steps

- The main domain

- All subdomains

- New subdomains added later

Wildcard on Linux vs Windows

Both platforms handle wildcard certificates identically. The only consideration is ensuring all subdomains are configured in Plesk before assigning the certificate.

Best Practices for Plesk SSL Management

Follow these best practices to maintain optimal SSL security on your Plesk server:

Regular Monitoring

Security Measures

Plesk-Specific Tips

Documentation

For a deeper understanding of certificate infrastructure, read our guide on What is PKI?.

Related Guides

Looking for other control panel installation guides? Check out our cPanel SSL Installation Guide for step-by-step instructions on cPanel servers.

Frequently Asked Questions

How long does it take to install SSL on Plesk?

The technical installation takes just 5-10 minutes once you have all the necessary files. The entire process including CSR generation, certificate ordering, and domain validation typically takes 15-30 minutes for DV certificates, or 1-5 business days for OV/EV certificates.

Can I install a free SSL certificate on Plesk?

Yes, Plesk includes a Let's Encrypt extension that provides free DV certificates with automatic 90-day renewal. However, for business use, warranty protection, or extended validation, consider our affordable SSL certificates.

What's the difference between Plesk SSL installation on Linux vs Windows?

The Plesk interface is nearly identical on both platforms. The main differences are: Windows supports PFX/PKCS#12 import, Linux uses Apache/Nginx while Windows uses IIS, and Windows manages certificates through the Certificate Store.

Why is my SSL certificate not showing in the dropdown?

This usually means the private key doesn't match the certificate. Use our Key Matcher to verify, and re-upload if necessary. Also check for any error messages during the upload process.

How do I renew an SSL certificate in Plesk?

Renewal follows the same process as initial installation: generate new CSR, order renewal certificate, and install. Most CAs offer a renewal option that preserves remaining validity.

What is a CA Bundle and do I need it for Plesk?

A CA Bundle contains intermediate certificates that link your SSL to a trusted root CA. Without it, browsers may not trust your certificate. Always install the CA bundle provided by your Certificate Authority.

Can I install multiple SSL certificates on one Plesk server?

Yes, Plesk supports multiple certificates. Each domain can have its own certificate, or use multi-domain (SAN) or wildcard certificates to cover multiple domains.

How do I install a Wildcard SSL on Plesk?

Wildcard installation follows the same process. Ensure your CSR Common Name uses the wildcard format (*.example.com). Then assign the certificate to your main domain and all subdomains in Plesk.

Why does my browser show "Not Secure" after installing SSL on Plesk?

This usually indicates mixed content—your HTTPS page loads some resources over HTTP. Use browser Developer Tools to identify and fix HTTP resources.

How do I convert a certificate for Windows Plesk (IIS)?

Use our Certificate Converter to convert between PEM and PFX formats. For PFX, you'll need both the certificate and private key.

What's the difference between Let's Encrypt and purchased SSL in Plesk?

Let's Encrypt is free but limited to DV validation and 90-day validity. Purchased certificates offer longer validity, OV/EV options, warranties up to $1.75M, and professional support.

How do I install SSL for subdomains in Plesk?

Each subdomain can have its own certificate or share a wildcard certificate. Add the subdomain in Plesk, then install/assign the certificate following this guide.