Generate a Let's Encrypt SSL certificate (Deprecated)

Deprecated

This guide is for the old Plesk panel and is no longer up to date. SSL is now managed directly via cPanel. Please refer to the Web Hosting (cPanel) section.

This detailed guide explains how to get a free SSL certificate via Let's Encrypt on Plesk.

Step 1: Check DNS configuration

Before generating the certificate, make sure your domain points correctly to your server.

At your registrar (example with Cloudflare)

1. Log in to your DNS management panel
2. Verify that the A (or AAAA) record points to the correct IP
3. Important: Temporarily disable the proxy (orange icon → grey)

Cloudflare Proxy

If the Cloudflare proxy is enabled, certificate validation may fail. Temporarily disable it during installation.

Test the configuration

Open a terminal and verify that the domain points to the correct IP:

ping yourdomain.com

info

DNS propagation can take from a few minutes to several hours depending on your registrar.

Step 2: Access Plesk

1. Log in to Plesk with the credentials received by email
2. Click on the domain you want to secure
3. Click on SSL/TLS Certificates

Step 3: Install Let's Encrypt

1. On the SSL/TLS Certificates page, click Install (at the bottom)
2. Check all available boxes:
   • Secure the main domain
   • Include www
   • Secure webmail (if available)
   • Other proposed subdomains
3. Enter your email address
4. Click Get it free

Step 4: Domain validation

Let's Encrypt must verify that you own the domain.

Create the TXT record

If requested, you will need to create a TXT record at your registrar:

1. Go back to your DNS panel (Cloudflare or other)
2. Create a new TXT record
3. In Name: copy the value indicated by Plesk
4. In Content: copy the validation code provided
5. Save the record
6. Return to Plesk and click Continue

tip

Wait a few minutes after creating the TXT record before clicking Continue.

Step 5: Verification

Once the installation is complete, your site is secured. Verify by accessing:

https://yourdomain.com

A padlock should appear in the address bar.

Cloudflare configuration (if proxy enabled)

If you want to re-enable the Cloudflare proxy after installation, configure SSL as follows:

1. Go to SSL/TLS on Cloudflare
2. Select Full (strict) mode

Parameter	Value
SSL Mode	Full (strict)
Always Use HTTPS	Enabled
Minimum TLS Version	TLS 1.2

warning

Do not use "Flexible" mode as it can create redirect loops.

Force HTTPS

To automatically redirect HTTP to HTTPS, add to your .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Automatic renewal

The Let's Encrypt certificate is valid for 90 days and is automatically renewed by Plesk.