How do I get a SSL certificate with PLESK when I have no SSH

#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: adar.fr and hosted on Safebrands.fr also known as Mailclub.fr

I ran this command:
I have PLESK and was able to get a CSR text.
There is a way to load the .crt file in this Plesk implementation but I did not get how to go from this CSR to the .crt
Let’s encrypt extension on Plesk is not provided because the provider does not offer free certificate, and does not help do it.

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: Safebrands.fr also known as Mailclub.fr

I can login to a root shell on my machine (yes or no, or I don’t know): No

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

#2

Hi @bh26

there are some online sites you can use:

https://www.sslforfree.com/

But you have to do that manual (uploading a file to your webserver). And Letsencrypt certificates are only 90 days valide, so you have to do that every 60 - 85 days.

So it’s not a really good solution.

#3

There is a ACME client intergarted to PLESK, with automated renewal

#4

I know but this extension is not available from this hosting provider.

#5

Thanks
I’ll look at that ZeroSSL site…
I understand this is not an easy solution but apparently there is no other one.
By the way I noticed on this community forum someone who said he was offering a plugin for wordpress.
Is this a good solution since I am using Wordpress for my site?

#6

can you add cronjob? maybe this can work.
https://acmephp.github.io/

#7

Not sure what is a cronjob and how to add it.
Linux et. al is a new world for me.

#8

I don’t use WordPress, but there are a lot of Wordpress - plugins.

But I don’t know if that would work or if support of your hoster is required.

If you have installed your own Wordpress, that may be work.

If you use a standard-WP of your hoster, it may be fail.

#9

Hi,
I finally generated the key from ZeroSSL.com and uploaded it to my website using the Plesk interface (at least this is possible with this provider).
Everything looks nice but at the end the website still displays “not secured”.
Is it a timing problem or something else?

#10

You have created one certificate with one domain name ( https://check-your-website.server-daten.de/?q=adar.fr ):

CN=www.adar.fr
	26.02.2019
	27.05.2019
expires in 90 days	www.adar.fr - 1 entry

But you have two dns entries (non-www and www):

Host T IP-Address is auth. ∑ Queries ∑ Timeout
adar.fr A 195.64.164.106 yes 1 0
AAAA yes
www.adar.fr A 195.64.164.106 yes 1 0
AAAA yes

That’s good.

And you have a redirect www -> non www. That’s good, one version should be the preferred version.

But the result:

Domainname Http-Status redirect Sec. G
http://www.adar.fr/
195.64.164.106 301 http://adar.fr/ 0.080 D
http://adar.fr/
195.64.164.106 200 0.407 H
https://www.adar.fr/
195.64.164.106 301 https://adar.fr/ 1.417 B
https://adar.fr/
195.64.164.106 200 1.960 N
Certificate error: RemoteCertificateNameMismatch

Your non-www version has the wrong certificate and is insecure.

So create one certificate with two domain names

adar.fr
www.adar.fr

and use that.

PS: There is one mixed content:

http://www.linflux.com/wp-content/uploads/2018/03/bluetooth-logo-e1520333573157.jpg

An image loaded via http.

#11

Hi,
I am sorry, I don’t understand what you mean by “Your non-www version has the wrong certificate and is insecure.”
I have one certificate only and in my Plesk interface I indicated that I preferred to use adar.fr better than www.adar.fr. But if that creates a problem I may just go and stick with www.adar.fr.
But I just changed it to avoid this adar.fr possibility but I still do not get a secured site.

#12

One certificate can have one or more domain names.

You should create one certificate with two domain names - adar.fr + www.adar.fr.

So create a new Certificate Signing request and use that with ZeroSSL.


You can do that but this isn’t the problem. A domain should always have two dns entries (www + non-www), one correct certificate with both domain names and correct redirects http -> https and https + non-preferred -> https + preferred. It’s not really relevant if the non-www or the www-version is preferred, both versions should answer.

#13

As you can see on thi image the hosting params are for adar.fr and it’s just a preference to use www.adar.fr. And for this I have to provide only one certificate.

I have another domain on the same server which is appinventor.adar.fr, and after issuing the certificate for this domain, I can call it with https://appinventor.adar.fr and get the lock. it shows it as a secure one.
This site is a redirection from the domain name appinventor.fr, but if I call appinventor.fr it opens appinventor.adar.fr but not secure.
There are certainly some basic knowledge on Domain names/redirection/SSL that I am missing.
I’m going to sleep, maybe something will surge tomorrow.
Thanks

closed #14

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.