Skip to main content

Generate a Let's Encrypt SSL certificate

This detailed guide explains how to get a free SSL certificate via Let's Encrypt on Plesk.

Step 1: Check DNS configuration​

Before generating the certificate, make sure your domain points correctly to your server.

At your registrar (example with Cloudflare)​

  1. Log in to your DNS management panel
  2. Verify that the A (or AAAA) record points to the correct IP
  3. Important: Temporarily disable the proxy (orange icon → grey)
Cloudflare Proxy

If the Cloudflare proxy is enabled, certificate validation may fail. Temporarily disable it during installation.

Test the configuration​

Open a terminal and verify that the domain points to the correct IP:

ping yourdomain.com
info

DNS propagation can take from a few minutes to several hours depending on your registrar.

Step 2: Access Plesk​

  1. Log in to Plesk with the credentials received by email
  2. Click on the domain you want to secure
  3. Click on SSL/TLS Certificates

Step 3: Install Let's Encrypt​

  1. On the SSL/TLS Certificates page, click Install (at the bottom)
  2. Check all available boxes:
    • Secure the main domain
    • Include www
    • Secure webmail (if available)
    • Other proposed subdomains
  3. Enter your email address
  4. Click Get it free

Step 4: Domain validation​

Let's Encrypt must verify that you own the domain.

Create the TXT record​

If requested, you will need to create a TXT record at your registrar:

  1. Go back to your DNS panel (Cloudflare or other)
  2. Create a new TXT record
  3. In Name: copy the value indicated by Plesk
  4. In Content: copy the validation code provided
  5. Save the record
  6. Return to Plesk and click Continue
tip

Wait a few minutes after creating the TXT record before clicking Continue.

Step 5: Verification​

Once the installation is complete, your site is secured. Verify by accessing:

https://yourdomain.com

A padlock should appear in the address bar.

Cloudflare configuration (if proxy enabled)​

If you want to re-enable the Cloudflare proxy after installation, configure SSL as follows:

  1. Go to SSL/TLS on Cloudflare
  2. Select Full (strict) mode
ParameterValue
SSL ModeFull (strict)
Always Use HTTPSEnabled
Minimum TLS VersionTLS 1.2
warning

Do not use "Flexible" mode as it can create redirect loops.

Force HTTPS​

To automatically redirect HTTP to HTTPS, add to your .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Automatic renewal

The Let's Encrypt certificate is valid for 90 days and is automatically renewed by Plesk.