SSL Certificate Problems

SSL Certificate Problems

Installing a Let's Encrypt SSL Certificate

Navigate to the Let's Encrypt Settings

  1. Navigate to the Let's Encrypt settings using the steps below:

Login > Plesk > Websites & Domains > [ domain ] > Dashboard tab > Security section> SSL/TLS Certificates button > Let's Encrypt settings

Install the Certificate

  1. Click on the 'Install' button.

Select Certificate Options

  1. In addition to selecting the `Secure the domain name` option, we also recommend selecting the following options:
    • Include a "www" subdomain for the domain and each selected alias
    • Secure webmail on this domain
    • Assign the certificate to the mail domain

Note: Securing webmail cannot be done during the 2 hours following domain creation, because it requires an Apache restart. Apache restarts every 2 hours, so if you're setting up SSL on a brand new account or a new domain that's just been added, you will need to return to these settings later to activate the webmail security feature.

  1. Click on the 'Get it free' button to install the certificate.

  1. You should see that 'Keep websites secured' is now 'Enabled'
  1. We also recommend activating the 'Redirect from http to https' option

Troubleshooting

If you have issues with the Let's Encrypt SSL certificate on your domain or subdomain, here are some things to check:

Check if the Certificate is Expired or Invalid

If the certificate is expired or invalid:

  • Reissue the certificate
  • Wait a full 2 hours
  • Clear your cache to ensure the changes are applied correctly

If the Certificate is NOT Expired

If the certificate is not expired:

  • Unassign the certificate from the domain
  • Reassign the certificate to the domain
  • Wait a full 2 hours
  • Clear your cache to ensure the changes are applied correctly

Ensure Redirect HTTP to HTTPS is Off

If you can't issue a new certificate it might be because your website is redirecting to https. The verification file required to install SSL must be served over http, and if your website redirects to https the install will fail. Make sure you don't have a redirect to https in your .htaccess file, or make an exception to allow the .well-known directory to be served over http. 

# redirect to https but allow http on .well-known
RewriteCond %{HTTPS} !=on
RewriteCond %{THE_REQUEST} !/.well-known/(.*)$ [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Plesk can also redirect to https. To disable this redirect:

  • Login at heliohost.org
  • Continue to Plesk
  • Websites & Domains
  • Hosting & DNS
  • Hosting
  • Uncheck the option Redirect visitors from HTTP to HTTPS

After ensuring that neither .htaccess or Plesk redirect to https try issuing SSL again.

Further Support

If after following the above steps, waiting a full 2 hours, and clearing your cache, the problem is not fixed, please post a topic in the Customer Support forum. Make sure you provide your username, domain name, and any error message(s) received.

Retrieved from "https://wiki.helionet.org/index.php?title=SSL_Certificate_Problems&oldid=1498"

This page was last edited on 9 February 2025, at 03:34.