Knowledge Base

How to secure Plesk and mail server with Let’s Encrypt certificate via CLI?

Question

How to secure Plesk and mail server with Let's Encrypt certificate using command line?

Answer

By default, new Plesk installations come with pre-installed Let's Encrypt extension and if the server's hostname is correct, Plesk secures itself automatically.

Note: To issue a certificate, correct hostname should be used in OS, and it should resolve to the server's IP address.
Here and forth example.com will be used as the server's hostname and 203.0.113.2 will be used as the server's public IP.

Check if server's hostname resolves properly

On Windows
1. Connect to the server via RDP
2. Find out server's hostname:
  C:> plesk bin server_pref --get-hostname
  example.com
3. Make sure that the hostname points to the server's IP:
  C:> nslookup example.com 8.8.8.8
  Server: google-public-dns-a.google.com
  Address: 8.8.8.8
  Non-authoritative answer:
  Name: example.com
  Addresses: 203.0.113.2
On Linux
1. Connect to the server via SSH
2. Find out server's hostname:
  # plesk bin server_pref --get-hostname
  example.com
3. Make sure that the hostname points to the server's IP:
  # host example.com 8.8.8.8
  Using domain server:
  Name: 8.8.8.8
  Address: 8.8.8.8#53
  Aliases:
  example.com has address 203.0.113.2

Issue and apply the certificate to the server with CLI utility

Connect to the server via SSH or RDP
Make sure that the latest Let's Encrypt extension is installed on the server:
# plesk bin extension -i letsencrypt
C:> plesk bin extension -i letsencrypt
Issue and secure Plesk with a certificate:
- On Linux:
  # plesk bin extension --exec letsencrypt cli.php --secure-plesk -m [email protected] -w /var/www/vhosts/default/htdocs -d example.com
- On Windows:
  C:> plesk bin extension --exec letsencrypt cli.php --secure-plesk -m [email protected] -w "%plesk_dir%defaulthtdocs" -d example.com
Secure additional services:
- Set the certificate as default for an IP address:
  # plesk bin certificate --assign-cert "Lets Encrypt certificate" -ip 203.0.113.2
- Set the certificate for the mail server:
  # plesk bin mailserver --set-certificate "Lets Encrypt certificate"
- Set the certificate for Plesk Control panel:
  # plesk bin server_pref --update -panel-certificate "Lets Encrypt certificate"

Bulk Change Web Hosting & Mail Settings Quickly and Easily with Plesk CLI

Full Site Check now scans for Google Fonts

Server Management: IP Mapping Guideline

Knowledge Base

Unable to issue a Let’s Encrypt certificate for a domain or its mail in Plesk: the DNS challenge used another IP address

Websites on Plesk server are slow or show error 500 or PHP mail cannot be sent: ap_pass_brigade failed

Let’s Encrypt notification mail: Your certificate (or certificates) for the names listed below will expire in days

Mail delivery does not work: do not list domain in BOTH mydestination and virtual_mailbox_domains

Hosting Wiki

Knowledge Base

How to secure Plesk and mail server with Let’s Encrypt certificate via CLI?

Question

Answer

Check if server's hostname resolves properly

Issue and apply the certificate to the server with CLI utility

Bulk Change Web Hosting & Mail Settings Quickly and Easily with Plesk CLI

Full Site Check now scans for Google Fonts

Server Management: IP Mapping Guideline

Unable to issue a Let’s Encrypt certificate for a domain or its mail in Plesk: the DNS challenge used another IP address

Websites on Plesk server are slow or show error 500 or PHP mail cannot be sent: ap_pass_brigade failed

Let’s Encrypt notification mail: Your certificate (or certificates) for the names listed below will expire in days

Mail delivery does not work: do not list domain in BOTH mydestination and virtual_mailbox_domains

Install How to secure Plesk and mail server with Let’s Encrypt certificate via CLI? extension