Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command: sudo certbot certonly --manual
It produced this output: privkey.pem and fullchain.pem
My web server is (include version): GoDaddy Plesk Windows
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:GoDaddy
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):Plesk
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
I created the certificates, uploaded them (on the Plesk SSL page) and then went to the Hosting Websites & domains page. Selected the new certificate, and clicked on OK. The system responded with a long error message beginning with: Error: certmng failed: Can't create RSAPrivateKey at (CAPI32::RSAPrivateKey::RSAPrivateKey line 650) at Unable to execute console command: '--install-web-certificate'(vconsoleapp::start line 95)
I'm pretty sure I got this to work OK a few month back. GoDaddy will not help because it is a "third party problem" I will greatly appreciate any ideas on how to precede here. Thanks!
I think maybe you've got the wrong idea about what you're trying to accomplish in Plesk. You're trying to install the cert you've acquired, not create another cert. Also, you could have just used CertSage to quickly acquire the cert rather than using certbot's manual mode, which is much slower and more error-prone.
If you are already correctly using the steps in the article that I linked, it's possible that the private key you are trying to install either has the wrong header line and/or internal format or is an ECDSA key, not an RSA key.
Thanks, I would love to use certsage, but have not been able to. I use it on my cpanel managed sites and it works well. The certsge developer said it does not work with Plesk, and I am unable to install the certbot extension into my (GoDaddy) managed Plesk site. Thanks!
Thanks for this. I did follow the steps as you described. Thanks! One difference I see is that the contents of the privkey.pem begins with -----BEGIN PRIVATE KEY----- rather than the -----BEGIN RSA PRIVATE KEY----- as shown in your example. Also, instructions from certbot said to use the fullchain.pem file, which contains 3 BEGIN / END pairs. I copied this into the Certificate (*.crt) field, not the CA field.
If your private key is an RSA key and not an ECDSA key, modify the header line of your private key in your privkey.pem file to be "BEGIN RSA PRIVATE KEY" then use the result as your private key in Plesk
Use the first certificate in your fullchain.pem file as your certificate in Plesk
Use the second certificate in your fullchain.pem file as your CA certificate in Plesk
Ignore the third certificate in your fullchain.pem file
It is now working.
Plesk requires RSA type, but the certbot default is now ECDSA type. I used the --key-type rsa flag to convert the certificate and it is now installed and working! (The certificate you saw earlier was on my Mac, not on the server, that is why it is still good)