How to Install a Free SSL Certificate with Let's Encrypt in Plesk

Plesk makes it easy to secure your website with a free SSL/TLS certificate from Let's Encrypt. SSL encrypts the connection between your website and visitors, which is essential for security and required for modern web features. This guide covers installing and managing Let's Encrypt certificates.

Prerequisites

• Your domain must be publicly accessible and pointing to your Plesk server IP address.
• The Let's Encrypt and SSL It! extensions must be installed. Contact your hosting provider if they are not available.

Installing a Let's Encrypt Certificate

1. Log in to Plesk.
2. Go to Websites & Domains.
3. Click the domain you want to secure.
4. Under Security, click SSL/TLS Certificates.
5. Scroll to Install a free basic certificate provided by Let's Encrypt.
6. Click Install.
7. Configure the certificate options:
   • Email address: Used for notifications from Let's Encrypt. Defaults to your subscription email.
   • Secure the domain: Include the main domain name (recommended).
   • Include "www" subdomain: Secure www.yourdomain.com (recommended).
   • Secure webmail: Secure webmail.yourdomain.com (recommended).
   • Assign the certificate to mail domain: Secure mail services for this domain (recommended).
8. Click Get it free.
9. Plesk will generate and install the certificate. This usually takes a few seconds.

Enabling SSL for Your Website

1. Go to Websites & Domains → click your domain.
2. Go to Hosting & DNS → Hosting Settings.
3. Ensure SSL/TLS support is checked.
4. From the Certificate dropdown, select the Let's Encrypt certificate.
5. Click OK.

Your website is now accessible via https://.

Wildcard Certificates

If you have many subdomains, a wildcard certificate can secure them all at once:

1. When installing the certificate, select Issue wildcard certificate.
2. This secures *.yourdomain.com (all subdomains).
3. Plesk will automatically add a DNS record for verification.
4. If Plesk does not manage your DNS, you will need to add the TXT record manually at your DNS provider.

Certificate Renewal

• Let's Encrypt certificates are valid for 90 days.
• The SSL It! extension automatically renews certificates 30 days before expiry.
• No manual action is required for renewal.

Important Notes

• Let's Encrypt certificates are Domain Validated (DV) only — they encrypt data but do not verify business identity.
• If your domain is not resolving to the server, the certificate issuance will fail.
• Let's Encrypt has rate limits: maximum 50 certificates per domain per week.

Troubleshooting

"Cannot issue a Let's Encrypt certificate":

• Verify your domain is publicly accessible and resolves to the correct server IP.
• Check at https://mxtoolbox.com/DNSLookup.aspx that the domain A record points to your server.

Certificate is not applying to the website:

• Go to Hosting Settings and ensure SSL/TLS support is enabled and the correct certificate is selected.

"Too many certificates issued" error:

• You have hit the Let's Encrypt rate limit. Wait one week before requesting additional certificates.