Purchasing an SSL/TLS Certificate From a Certificate Authority

Note

This topic describes the old procedure present in Plesk Onyx. We recommend that you use the new one offered by the SSL It! extension in Plesk Obsidian.

If you want to secure your website with an SSL/TLS certificate, you can purchase one from a Certificate Authority. You can also purchase one directly through Plesk, as well as protect your website with a free self-signed SSL/TLS certificate, or with a certificate you already own.

To purchase a certificate, you need to generate a Certificate Signing Request (CSR for short) first. Go to Websites & Domains > your website > SSL/TLS Certificates > “Advanced Settings” > and click Add SSL/TLS Certificate. Fill out the fields marked with the red asterisk symbol (*), such as the certificate name (you will use it to identify the certificate in the list of all certificates), your personal information, the name of the domain the certificate will be protecting, and so on. Make sure that all information you provide is correct, as mistakes may make the certificate unsuitable and make it necessary to pay for a new one.

Note

If you want to purchase a wildcard SSL/TLS certificate, your domain name must start with an asterisk symbol (*). For example, a certificate generated for *.example.com can be used to secure any subdomain of example.com.

When you have finished, click Request. This will result in the CSR and the private key being generated and placed in your repository.

Now that the CSR has been generated, you need to provide it to the Certificate Authority of your choice to purchase a certificate from them. To retrieve the CSR, go to Websites & Domains > your website > SSL/TLS Certificates > “Advanced Settings” and click the name of the certificate you have just generated. Scroll down to the CSR section and copy the text starting with -----BEGIN CERTIFICATE REQUEST----- and ending with -----END CERTIFICATE REQUEST----- (including those lines with all the dashes) to the clipboard. You will need to provide the CSR to the Certification Authority when purchasing your certificate. The exact procedure differs from one Certificate Authority to another, so contact the Certificate Authority for assistance should you encounter any difficulties. Once you complete the purchase, you will be given the certificate in the form of either a *.crt file, a *.pem file, or in text form.

To secure your website with the certificate you have purchased, you need to upload it first. Go to Websites & Domains > your website > SSL/TLS Certificates > “Advanced Settings” and click the name of the certificate, then upload it as described below:

  • If you received the certificate in the form of a *.crt or a *.pem file, scroll down to the Upload the certificate files section and upload the file. Click Upload Certificate when you have finished.
  • If you received the certificate as text, scroll down to the Upload the certificate as text section and paste the certificate into the corresponding field. Click Upload Certificate when you have finished.

This will result in the certificate being placed in your repository. You can see a list of all SSL/TLS certificates in your repository by going to Websites & Domains > your website > SSL/TLS Certificates > “Advanced Settings”.

Now that the certificate has been uploaded, you need to install it. Go to Websites & Domains > your website > Hosting Settings. From the Certificate menu, select the certificate you have just uploaded and then click OK.