SSL Certificate Problems: Difference between revisions
m Fix numbered headers |
m Add note about Wildcard certificates not being supported |
||
| Line 3: | Line 3: | ||
== Installing a Let's Encrypt SSL Certificate == | == Installing a Let's Encrypt SSL Certificate == | ||
=== Navigate to the Let's Encrypt Settings === | |||
Navigate to the Let's Encrypt settings using the steps below: | Navigate to the Let's Encrypt settings using the steps below: | ||
| Line 9: | Line 9: | ||
'''Login > Plesk > Websites & Domains > [ domain ] > Dashboard tab > Security section> SSL/TLS Certificates button > Let's Encrypt settings''' | '''Login > Plesk > Websites & Domains > [ domain ] > Dashboard tab > Security section> SSL/TLS Certificates button > Let's Encrypt settings''' | ||
=== Install the Certificate === | |||
Click on the 'Install' button. | Click on the 'Install' button. | ||
| Line 15: | Line 15: | ||
[[File:ssl-install.png]] | [[File:ssl-install.png]] | ||
=== Select Certificate Options === | |||
In addition to selecting the `Secure the domain name` option, we also recommend selecting the following options: | In addition to selecting the `Secure the domain name` option, we also recommend selecting the following options: | ||
* Include a "www" subdomain for the domain and each selected alias | * Include a "www" subdomain for the domain and each selected alias. | ||
* Secure webmail on this domain | * Secure webmail on this domain. | ||
* Assign the certificate to the mail domain | * Assign the certificate to the mail domain. | ||
'''Note:''' Securing webmail cannot be done during the 2 hours following domain creation, because it requires an Apache restart. Apache restarts every 2 hours, so if you're setting up SSL on a brand new account or a new domain that's just been added, you will need to return to these settings later to activate the webmail security feature. | '''Note:''' Securing webmail cannot be done during the 2 hours following domain creation, because it requires an Apache restart. Apache restarts every 2 hours, so if you're setting up SSL on a brand new account or a new domain that's just been added, you will need to return to these settings later to activate the webmail security feature. | ||
| Line 28: | Line 28: | ||
[[File:ssl-get-cert.png]] | [[File:ssl-get-cert.png]] | ||
You should see that 'Keep websites secured' is now 'Enabled' | You should see that 'Keep websites secured' is now 'Enabled'. | ||
We also recommend activating the 'Redirect from http to https' option | We also recommend activating the 'Redirect from http to https' option. | ||
[[File:ssl-check-settings.png]] | [[File:ssl-check-settings.png]] | ||
==== Wildcard Certificates ==== | |||
HelioHost does not currently support Wildcard certificates, due to a lack of integration between Plesk and our DNS. We cannot change this setting, so please disregard the message in Plesk suggesting your hosting provider can fix it. Wildcard SSL is actually less secure than installing a certificate on each domain. We recommend installing a certificate on each domain instead. | |||
== Troubleshooting == | == Troubleshooting == | ||
| Line 42: | Line 46: | ||
If the certificate is expired or invalid: | If the certificate is expired or invalid: | ||
* Reissue the certificate | * Reissue the certificate. | ||
* Wait '''a full 2 hours''' | * Wait '''a full 2 hours'''. | ||
* [[:Clear_Your_Cache|Clear your cache]] to ensure the changes are applied correctly | * [[:Clear_Your_Cache|Clear your cache]] to ensure the changes are applied correctly. | ||
== If the Certificate is NOT Expired == | == If the Certificate is NOT Expired == | ||
| Line 50: | Line 54: | ||
If the certificate is not expired: | If the certificate is not expired: | ||
* Unassign the certificate from the domain | * Unassign the certificate from the domain. | ||
* Reassign the certificate to the domain | * Reassign the certificate to the domain. | ||
* Wait '''a full 2 hours''' | * Wait '''a full 2 hours'''. | ||
* [[:Clear_Your_Cache|Clear your cache]] to ensure the changes are applied correctly | * [[:Clear_Your_Cache|Clear your cache]] to ensure the changes are applied correctly. | ||
== Ensure Redirect HTTP to HTTPS is Off == | == Ensure Redirect HTTP to HTTPS is Off == | ||
| Line 68: | Line 72: | ||
Plesk can also redirect to https. To disable this redirect: | Plesk can also redirect to https. To disable this redirect: | ||
* Login at [https://heliohost.org/login/ heliohost.org] | * Login at [https://heliohost.org/login/ heliohost.org]. | ||
* Continue to Plesk | * Continue to Plesk. | ||
* Websites & Domains | * Websites & Domains. | ||
* Hosting & DNS | * Hosting & DNS. | ||
* Hosting | * Hosting. | ||
* Uncheck the option Redirect visitors from HTTP to HTTPS | * Uncheck the option Redirect visitors from HTTP to HTTPS. | ||
[[File:redirect_http_to_https.png]] | [[File:redirect_http_to_https.png]] | ||
Latest revision as of 00:22, 26 November 2025
SSL Certificate Problems
Installing a Let's Encrypt SSL Certificate
Navigate to the Let's Encrypt settings using the steps below:
Login > Plesk > Websites & Domains > [ domain ] > Dashboard tab > Security section> SSL/TLS Certificates button > Let's Encrypt settings
Install the Certificate
Click on the 'Install' button.
Select Certificate Options
In addition to selecting the `Secure the domain name` option, we also recommend selecting the following options:
- Include a "www" subdomain for the domain and each selected alias.
- Secure webmail on this domain.
- Assign the certificate to the mail domain.
Note: Securing webmail cannot be done during the 2 hours following domain creation, because it requires an Apache restart. Apache restarts every 2 hours, so if you're setting up SSL on a brand new account or a new domain that's just been added, you will need to return to these settings later to activate the webmail security feature.
Click on the 'Get it free' button to install the certificate.
You should see that 'Keep websites secured' is now 'Enabled'.
We also recommend activating the 'Redirect from http to https' option.
Wildcard Certificates
HelioHost does not currently support Wildcard certificates, due to a lack of integration between Plesk and our DNS. We cannot change this setting, so please disregard the message in Plesk suggesting your hosting provider can fix it. Wildcard SSL is actually less secure than installing a certificate on each domain. We recommend installing a certificate on each domain instead.
Troubleshooting
If you have issues with the Let's Encrypt SSL certificate on your domain or subdomain, here are some things to check:
Check if the Certificate is Expired or Invalid
If the certificate is expired or invalid:
- Reissue the certificate.
- Wait a full 2 hours.
- Clear your cache to ensure the changes are applied correctly.
If the Certificate is NOT Expired
If the certificate is not expired:
- Unassign the certificate from the domain.
- Reassign the certificate to the domain.
- Wait a full 2 hours.
- Clear your cache to ensure the changes are applied correctly.
Ensure Redirect HTTP to HTTPS is Off
If you can't issue a new certificate it might be because your website is redirecting to https. The verification file required to install SSL must be served over http, and if your website redirects to https the install will fail. Make sure you don't have a redirect to https in your .htaccess file, or make an exception to allow the .well-known directory to be served over http.
# redirect to https but allow http on .well-known
RewriteCond %{HTTPS} !=on
RewriteCond %{THE_REQUEST} !/.well-known/(.*)$ [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Plesk can also redirect to https. To disable this redirect:
- Login at heliohost.org.
- Continue to Plesk.
- Websites & Domains.
- Hosting & DNS.
- Hosting.
- Uncheck the option Redirect visitors from HTTP to HTTPS.
After ensuring that neither .htaccess or Plesk redirect to https try issuing SSL again.
Further Support
If after following the above steps, waiting a full 2 hours, and clearing your cache, the problem is not fixed, please post a topic in the Customer Support forum. Make sure you provide your username, domain name, and any error message(s) received.