How to Install an SSL Certificate in Plesk

Installing an SSL certificate in Plesk is one of the most important steps for securing a website and enabling HTTPS correctly. In a hosting environment, this process usually involves adding the certificate, matching it with the private key and CA chain, then assigning it to the domain inside Plesk. When set up properly, visitors see a secure connection, browsers trust the site, and sensitive data is protected during transfer.

This guide explains how to install an SSL certificate in Plesk, how to activate it for a domain, and what to check if HTTPS does not work as expected. It is written for website owners, developers, and support teams managing domains on a hosting platform with Plesk.

What you need before installing SSL in Plesk

Before starting, make sure you have the correct certificate files and access to the Plesk panel. In most cases, you will need the following:

• Certificate file in .crt, .pem, or similar format
• Private key generated when the CSR was created
• CA bundle or intermediate certificate chain, if provided by the certificate authority
• Access to Plesk with permission to manage the domain

If you used Plesk to generate the Certificate Signing Request (CSR), the private key is usually already stored on the server for that domain. If the certificate was issued elsewhere, you may need to paste or upload the matching private key manually.

Know which certificate type you have

Different SSL products may require slightly different installation steps. Common types include:

• Single-domain SSL for one hostname
• Wildcard SSL for a main domain and all first-level subdomains
• Multi-domain / SAN SSL for several hostnames in one certificate
• Let’s Encrypt certificates issued automatically through Plesk

The installation process in Plesk is similar for all of them, but the domain coverage must match the certificate exactly.

How to install an SSL certificate in Plesk

Follow these steps to install your certificate in the Plesk control panel.

Step 1: Log in to Plesk

Sign in to your Plesk account using administrator or domain-level credentials, depending on the permissions granted by your hosting setup. If you manage multiple subscriptions, select the correct domain first.

Step 2: Open the SSL/TLS Certificates section

In the domain dashboard, look for SSL/TLS Certificates. This area is where Plesk stores certificate data and lets you upload or paste the required files. The exact menu name may vary slightly depending on the Plesk version, but the function is the same.

Step 3: Add a new certificate

Click Add SSL/TLS Certificate or a similar option. Give the certificate a clear name, such as:

• example.com SSL
• Wildcard certificate
• Production HTTPS certificate

A clear label helps later when you manage renewals or switch between certificates.

Step 4: Upload or paste the certificate data

Enter the certificate content in the appropriate field. Depending on the interface, you may need to provide:

• Certificate content
• Private key
• CA certificate or CA bundle

If Plesk offers text boxes, paste the full PEM content, including the BEGIN CERTIFICATE and END CERTIFICATE lines where required. If file upload is available, upload the certificate files directly.

Make sure the certificate and private key belong together. If they do not match, Plesk will usually show an error or the site will fail to load securely.

Step 5: Save the certificate

After entering the details, save the certificate. Plesk will store it in the domain’s certificate list. At this point, the certificate is added to the panel, but it may not yet be active on the website.

Step 6: Assign the certificate to the domain

Return to the domain’s hosting settings or Hosting Settings section. Find the SSL/TLS support option and make sure it is enabled. Then select the certificate you just installed from the SSL certificate dropdown.

Save the hosting settings. This step is essential because installing the certificate alone does not automatically turn on HTTPS for the site.

Step 7: Enable HTTPS for mail and subdomains if needed

If your hosting configuration includes mail services, webmail, or additional hostnames, check whether they also need SSL enabled. In Plesk, mail and website certificates are sometimes managed separately. For example, you may want to:

• Use the same certificate for the main website and mail services
• Install a wildcard certificate for multiple subdomains
• Assign a separate certificate to webmail or a service subdomain

For hosted platforms in Europe, this is especially useful when you manage customer-facing domains, transactional email, and staging environments under one account.

How to install a Let’s Encrypt certificate in Plesk

If you prefer automatic SSL management, Plesk often supports Let’s Encrypt through an extension. This is a common choice for standard websites because it can issue and renew certificates without manual file handling.

To install Let’s Encrypt in Plesk:

1. Open the domain in Plesk.
2. Go to the Let’s Encrypt or SSL/TLS Certificates section.
3. Select the domain and any required aliases or subdomains.
4. Choose whether to include www and mail services.
5. Request the certificate.
6. Wait for issuance and apply it to the site.

After issuance, Plesk usually installs the certificate and can renew it automatically before expiration. This reduces the risk of downtime caused by an expired SSL certificate.

How to force HTTPS after installing the certificate

Once the SSL certificate is installed, you should ensure visitors are redirected from HTTP to HTTPS. Without a redirect, the site may still load over an unsecured connection if users enter the plain HTTP address.

Use the HTTPS redirection setting in Plesk

Some Plesk installations include a simple option to redirect all traffic to HTTPS. If available, enable it in the hosting settings or website preferences. This is often the easiest method for standard websites.

Alternative: configure redirects in the application or web server

If your website runs on a CMS, framework, or custom application, you may also configure HTTPS redirection there. On Apache-based hosting, redirects may be managed through the application, .htaccess, or server configuration depending on the setup.

For most hosting users, the safest approach is to use the Plesk-provided redirect option first, then verify the site’s behavior in a browser.

How to check whether SSL is installed correctly

After installation, verify that the certificate is active and trusted. A correct setup should show a secure padlock in modern browsers and load the site over https://.

Check these items:

• The domain opens with HTTPS
• The browser shows no certificate warnings
• The certificate name matches the domain
• The expiration date is correct
• All required subdomains or aliases are covered
• No mixed content errors appear on the page

You can also inspect the certificate directly in the browser. This helps confirm whether the correct certificate is installed and whether the issuer chain is complete.

Test from different devices and browsers

It is a good idea to test the website from more than one browser and device. Some issues only appear in cached sessions or older browsers. In managed hosting environments, this can help distinguish a local browser cache problem from a genuine SSL configuration issue.

Common problems when installing SSL in Plesk

Even when the steps are followed carefully, SSL installation can fail due to mismatched files, incomplete chains, or wrong domain selection. Below are the most common problems and how to solve them.

Private key does not match the certificate

This usually happens when the certificate was issued from a CSR created elsewhere, or when the wrong private key was copied into Plesk. To fix it, ensure the private key belongs to the CSR used during issuance. If needed, generate a new CSR and reissue the certificate.

Missing intermediate certificate

If the CA bundle is not installed, some browsers may not trust the certificate correctly. Always include the intermediate certificate chain when the certificate authority provides it. In Plesk, this is often placed in the CA certificate field.

Certificate installed, but the site still shows HTTP

This usually means the certificate was added but not assigned to the domain, or HTTPS redirection is not enabled. Check both the SSL/TLS settings and the hosting settings for the domain.

Certificate name mismatch

If the certificate was issued for www.example.com but the site opens as example.com, the browser may show a warning. Make sure the certificate covers all versions of the domain you want to use, including the root domain, www, and any subdomains.

Old browser cache or HSTS behavior

Sometimes the certificate is correct, but the browser continues to show an old warning due to cached data or HSTS rules. Test in a private window or another browser to rule this out.

How to renew or replace an SSL certificate in Plesk

SSL certificates have an expiration date, so they must be renewed before they expire. In Plesk, renewal can be manual or automatic depending on the certificate type.

If you use a paid SSL certificate

Renew the certificate with your provider, download the new files, and repeat the installation steps in Plesk. Then reassign the renewed certificate to the domain.

If you use Let’s Encrypt

Plesk can usually renew the certificate automatically. Still, it is good practice to check that the extension is working, especially after domain changes, DNS updates, or hosting migrations.

When replacing an existing certificate

If you are switching to a new certificate, upload the new one first, then update the domain’s hosting settings to use it. Keep the old certificate until the new one is fully active and tested.

Best practices for SSL in a hosting environment

For stable HTTPS deployment on a hosting platform, follow these practical recommendations:

• Use a certificate that matches the exact domain names in use
• Always install the full certificate chain
• Enable HTTPS redirect after installation
• Check both example.com and www.example.com
• Monitor expiration dates regularly
• Update site URLs in the application if needed
• Test for mixed content after enabling HTTPS

If the site loads images, scripts, or styles over HTTP after the certificate is installed, browsers may still mark the page as partially insecure. Update those asset links to HTTPS as part of the deployment.

FAQ

Do I need a CSR to install SSL in Plesk?

Not always for installation, but you do need a CSR to request a new certificate from a certificate authority. If you already have a certificate issued elsewhere, Plesk still needs the certificate file and the matching private key.

Can I install the same SSL certificate on multiple domains?

Only if the certificate type supports those domains. A single-domain certificate cannot be used on unrelated hostnames. For multiple domains, use a SAN certificate or separate certificates as needed.

Why does Plesk ask for a private key?

The private key proves ownership of the certificate request and is required to complete the SSL handshake. Without the matching private key, the certificate cannot be activated correctly.

Is Let’s Encrypt enough for a business website?

For many websites, yes. Let’s Encrypt provides trusted SSL certificates suitable for standard HTTPS protection. If your organization needs special validation, extended trust requirements, or multiple custom domains, a commercial certificate may be more appropriate.

What should I do if the certificate works on one domain but not another?

Check whether the certificate actually covers the second domain or subdomain. If it does not, issue a new certificate with the correct names or use a wildcard/SAN certificate.

How can I tell if HTTPS redirect is working?

Open the site using http:// in a browser. If the redirect is configured correctly, the address should switch automatically to https://. You can also test with browser developer tools or an online redirect checker.

Conclusion

Installing an SSL certificate in Plesk is straightforward once you have the correct certificate files and know where to apply them. The key steps are to add the certificate, provide the matching private key and CA chain, assign it to the domain, and enable HTTPS redirection. After that, verify the site in a browser and check for any mixed content or domain mismatch issues.

For hosting customers and managed hosting users, a correct SSL setup is essential for security, browser trust, and a reliable user experience. Whether you use a paid certificate or Let’s Encrypt, Plesk gives you the tools to manage HTTPS efficiently from one place.