All Deployment guides Deployment

How to Install an SSL Certificate in Plesk

2026-05-08
plesksslinstallationhostingcontrol-panel

Plesk is a popular hosting control panel — especially on Windows servers and European hosts. It includes a built-in Let’s Encrypt extension for automatic SSL, plus a manual installation option for certificates from GetHTTPS or other sources.

Option 1: Plesk Let’s Encrypt extension (automatic)

Plesk Obsidian includes a free Let’s Encrypt integration:

  1. Log in to Plesk
  2. Go to Websites & Domains → select your domain
  3. Click SSL/TLS Certificates
  4. Click Install next to “Let’s Encrypt”
  5. Enter your email, check the boxes for your domain and www subdomain
  6. Check “Assign the certificate to the mail domain” if you want mail encryption
  7. Click Get it free

Plesk handles issuance and auto-renewal. No manual steps after this.

Note: Some hosting providers disable the Let’s Encrypt extension. If you don’t see it, ask your host or use Option 2.

Option 2: Manual installation (from GetHTTPS)

Use this when the Let’s Encrypt extension is unavailable, or when you want a certificate with specific SANs or a wildcard.

Step 1: Get your certificate

Generate a certificate with GetHTTPS. You’ll get cert.pem, privkey.pem, and chain.pem.

Step 2: Upload in Plesk

  1. Go to Websites & Domains → your domain → SSL/TLS Certificates
  2. Click Add SSL/TLS Certificate (or Manage if one exists)
  3. Scroll to Upload the certificate as text
  4. Paste the contents of each file:
    • Certificate → contents of cert.pem
    • Private key → contents of privkey.pem
    • CA certificate → contents of chain.pem
  5. Click Upload Certificate

Step 3: Assign to your domain

  1. Go back to Websites & Domains → your domain
  2. Click Hosting & DNSHosting Settings
  3. Check SSL/TLS support
  4. Select your certificate from the dropdown
  5. Click OK / Apply

Step 4: Force HTTPS

  1. In Hosting Settings, check Permanent SEO-safe 301 redirect from HTTP to HTTPS
  2. Click OK

Or add to your .htaccess (Apache) or site config (Nginx behind Plesk):

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Plesk vs cPanel: SSL installation differences

PleskcPanel
Built-in Let’s EncryptExtension (may need activation)AutoSSL (usually pre-enabled)
Manual install locationSSL/TLS Certificates → UploadSSL/TLS → Manage SSL Sites
File formatPEM (paste text)PEM (paste text)
HTTPS redirectCheckbox in Hosting Settings.htaccess or Redirects tool
Wildcard supportYes (extension or manual)Yes (manual)

Troubleshooting

”SSL certificate does not match the private key”

The certificate and key files don’t correspond. Make sure both came from the same GetHTTPS session. If you ran GetHTTPS twice, use the files from the same run.

Let’s Encrypt extension shows error

Common causes: DNS not pointing to the server, port 80 blocked by firewall, or the hosting provider disabled the extension. Check DNS resolution first:

dig +short yourdomain.com

The IP should match your server’s IP.

Certificate installed but site shows “Not Secure”

Check that the certificate is assigned to the domain in Hosting Settings. Also check for mixed content — HTTP resources on an HTTPS page.

Frequently asked questions

Is Plesk’s Let’s Encrypt extension free?

The extension itself is free and included in Plesk Obsidian. The Let’s Encrypt certificates it issues are also free. Some hosting providers may charge for Plesk itself, but the SSL extension within it costs nothing extra.

Can I install a wildcard certificate in Plesk?

Yes. The Let’s Encrypt extension supports wildcards (via DNS-01). For manual installation, generate a wildcard certificate with GetHTTPS and upload it.

How do I renew a manually installed certificate?

Generate a new certificate with GetHTTPS before the current one expires, then repeat the upload and assignment steps. Plesk’s built-in Let’s Encrypt extension handles renewal automatically — manual certificates do not auto-renew.

Does Plesk support ECDSA certificates?

Yes. Plesk Obsidian supports ECDSA certificates. GetHTTPS generates ECDSA P-256 by default, which works in Plesk.

How do I check which certificate is currently active in Plesk?

Go to Websites & Domains → your domain → SSL/TLS Certificates. The active certificate shows its issuer, expiry date, and domain coverage. You can also verify from the command line:

echo | openssl s_client -connect yourdomain.com:443 -servername yourdomain.com 2>/dev/null | openssl x509 -noout -issuer -enddate

Plesk vs cPanel: which is better for SSL?

Both handle SSL certificates well. Plesk’s interface is more visual; cPanel’s is more text-based. Both support Let’s Encrypt extensions, manual certificate installation, and automatic renewal. Choose based on what your hosting provider offers — the SSL functionality is equivalent.

Related articles

Getting Started 2026-05-08
How to Get a Free SSL Certificate (Step-by-Step Guide)
Get a free SSL certificate from Let's Encrypt in 5 minutes — no software to install, no account to create. Complete guide covering 4 methods, both challenge types, installation on 6 platforms, and troubleshooting.
Deployment 2026-05-08
How to Install an SSL Certificate in cPanel
Install a free Let's Encrypt SSL certificate in cPanel step by step. Covers the SSL/TLS Manager, AutoSSL, and manual installation for shared hosting.
Deployment 2026-05-07
How to Redirect HTTP to HTTPS
Force all traffic to HTTPS with server-side redirects. Configuration examples for Nginx, Apache, and .htaccess with 301 permanent redirects.
Get a free SSL certificate in your browser
No installation, no account. Your private key never leaves your device.
Get your certificate