Let´s Encrypt On Plesk 17.x with Ubuntu 16.4 (how to?)

Hi guys.

In my company currently we have 1 dedicaded server and 6 VPS´s. All with Ubuntu 14.x with plesk 12.5.
My idea is to start to migrate all the content (mostly Joomla, some WP) and some suitecrm running.
to the new servers with Plesk 17.x with ubuntu 16.4. I saw that the new plesk has already a build in tool for this.

I need to give my clients a good service for this I want that:

Now having explained this I have some doubts before i start.

  1. When the certificate is installed for the http (protocol) will the traffic automaticly be redirected from http to httpS?
    Like it does here on my local server with virtualmin?
  2. When installing the certificate do i need to request also aditional certificated for
    A. mail.mydomain.com
    B. webmail.mydomain.com
    C. ftps.mydomain.com

I as you this because i read somewhere on this forum (but can not recall the link for this post)
I saw that there is a line which can be executed via CLI which enables the certificate
for all the services I want.

Now for the last question is:
How can I make a valid certificate for:
https://the-ip-of-the-vps:8443/login_up.php3

Can anyone help me out with this. Planning on ordering the 1st new VPS next monday.
Hoping to hear from you all.
Any feedback is much apriciated.
Many thanks in advance
Regards,
Paco

You can’t. Publicly-trusted CAs will not issue certificates for IP addresses, only hostnames.

It’s really up to you whether to include all those hostnames in a single certificate (along with www.) or to create separate certificates for each, but one way or the other, a certificate will need to cover each of those hostnames.

That depends on the web server configuration. It's possible to configure web servers to do this, but it's not automatic as a result of having HTTPS or a certificate.

We develop https://certbot.eff.org/, which obtains certificates on the command line (and optionally also installs them in Apache or Nginx). You can also look at

for a list of available client software. Another popular and capable option there is acme.sh, which does not install the certificate for you.

Some other CAs might do this, but Let's Encrypt doesn't do it as a matter of policy. (The addresses that publicly-trusted CAs can't issue for are internal RFC 1918 IP addresses, like 192.168.1.1.)

If you give the VPS a public domain name (perhaps something like vps.mydomain.com or login.mydomain.com), you can get a certificate for that name. The port number (:8443) is not part of the certificate and the exact same certificate that would work for https://vps.mydomain.com/ would also work for https://vps.mydomain.com:8443/, without any changes to the content of the certificate.

Hi @danb35
Question1: Understood. Will create a sub-domain, like vps.mydomains.com, ask a certificate for this and use this domain th access the Plesk. :wink:
Question2: Still not clear on your answer. Can i ask 1 certificate and cover all the services with one single certificate (www, webmail, mail, ftp)? What would be the beste practice?
Thanks fo your reply tough ! ! !
Cheers,
Paco

Hi @schoen
Yes it´s clear now to me that it will only work with hostnames and NOT with ip adresses.
It is nice to read that when i create a subdomain (login.mydomain.com) i can ask simply a certificate for this hostname. But I have no clue as how to redirect the standart vps login
https://new-ip-of-the-new-vps:8443/login_up.php3 to https://login.mydomain.com
in this Plesk 17.x enviroment. Can you give me a hint how to establish this?
And yes, further more I have no clue how the https works on plesk.
Let me explain. Currently I have here at the office a localbox with virtualmin and it works quite well, when I request a certificate for a new domain it creates a redirect from http:// to https://.
But I am wondering after having the certificate working I have NO CLUE IF the Plesk will also redirect my traffic to https. Do you know how this works in the Plesk enviroment?
I am reading up on this Here but can´t find nothing about this. :frowning:
can you point me to the right direction, plesae?
Hope to hear from you again.
Regards,
Paco

Hi Paco,

Sorry, I have never used Plesk at all and I don’t know how to set anything up in Plesk.

I hope you can find other resources that will be more helpful.

Hi Paco

Plesk has a Let’s Encrypt Plugin. https://ext.plesk.com/packages/f6847e61-33a7-4104-8dc9-d26a0183a8dd-letsencrypt

About your other questions.

A) SFTP uses SSH keys not certificates. Therefore this is out of scope of Let’s Encrypt. Create RSA and ECC keys and good cipher selection.
B) If you want to use FTPS or as I like to name it FTP over SSL. Think about a couple of things
a) There are two Version of FTP over SSL - Implicit and Explicit
b) You will need a Valid Certificate on the Server for the FTP Over SSL to Work
C) Mail Protocols have 3x verisions SMTP over SSL, IMAP over SSL and POP over SSL
a) which ones are you offering your customrs
b) what mail server are you using

Andrei

Even one more: there’s SMTP+STARTTLS, which is different from SMTPS. (Often SMTP+STARTTLS is used for delivering mail between mail servers, while SMTPS is used for submitting e-mail from users’ e-mail clients.)

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.