How to install a free StartSSL certificate in Plesk

(Versión en español aquí)

Here I leave you a trick about how to install a free startssl certificate in Plesk.

1 .- Validate in Plesk, go to the domain and then click to certificates.

2 .- Fill certificate data form (I recommend using 2048-bit),  accept and send the request. This will generate the CSR key and private key.

3 .- Go to, make an account and go to the control panel. The first thing you must do is validate the corresponding domain at option validations option wizard -> domain name validation.

4 .- You enter the domain and you’ll get several addresses related to the domain (hostmaster, webmaster and those that may appear on the contacts of the domain registration)

5 .- You will receive in the email account a code that you must enter on the check box. Domain name is now validated.

6 .- Validations wizard -> web server SSL certificate. This step asks you a new password and the encryption level, well, do not put ANYTHING! This option is to generate a key that you already have. So give the skip option.

7 .- Submit Certificate Request (CSR) -> Here just paste the plesk generated CSR signature.

8 .- Select the domain name  and use www subdomain. U’ll get the certificate after finishing this point.  Now you can paste the certificate in Plesk. Care, paste in «certificate», not «CA certificate». We almost have the certificate ready.

9 .- Download both StartSSL root certificates. The first is the intermediary ( https:// ) and the second root ( / certs / ca.pem).

10 .- Copy both fines into one:

<php> root# cat ca.pem > catoot.pem </php>

11.- Upload new catroot.pem file to your plesk certificate. This time is better you use the CA certificate button to send directly the file.

12.- Plesk -> Server -> IP addresses -> select your desired IP -> choose your new certificate.

13.- Stop apache and start it again (better than restart). U’re done !

14.- Just use all internet browsers and confirm that all is working fine 🙂

12 comentarios en “How to install a free StartSSL certificate in Plesk

  1. Pingback: Tweets that mention How to install a free SSL certificate in Plesk: --

  2. Pingback: Setting the SSL cert for Plesk Control Panel

  3. Pingback: Instalar certificado StartSSL en plesk |

  4. Hi, this seems to be easier in the Plesk build I’m using (9.5.2) – use the StartSSL control panel to generate a certificate as usual, then create a PFX file using the StartSSL control panel tool. Convert this into a .PEM file using OpenSSL (instructions at, then use this file as your private key, the .crt file you generated during the StartSSL process as your domain certificate, and the combined intermediate and root certificate authority file you created in step 10 above as your CA certificate. No copying and pasting text needed!


  5. As opposed to «cat ca.pem > cat[r]oot.pem», says:
    «Be sure to paste the certificates in the following order the Intermediate CA certificate, followed by the Root certificate.»

    Which of the two is the correct order then? My experience suggests its the former, i.e. root followed by intermediate (as in your proposed one-liner except for the typo), but the contrary seems to be indicated in the Plesk manual at the above URL as well as if anyone can make immediate sense of the double reversal in what roughly translates to «all intermediate certificates as well as the root certificate in reverse order (i.e. according to the certification path from bottom to top)».

  6. Dear TEN, I don’t use Plesk since one year ago, cPanel is much stable and robust than swsoft. What I can remember is that a lot of theorical and official howto’s didn’t work, that’s why I created this howto.

    I recommend you to try my way and if that doesn’t work try the other Howto’s.

    Cheers ! 😉

  7. The Zertifikat will not be gone. i get the messages:

    Fehler: Zertifikat kann nicht konfiguriert werden: Ungültiges Zertifikatsformat.

  8. Does your blog have a contact page? I’m having a tough time locating it but, I’d like to shoot you an email. I’ve got some recommendations for your blog you might be interested in hearing. Either way, great blog and I look forward to seeing it develop over time.
    It’s a shame you don’t have a donate button! I’d without a doubt donate to this fantastic blog! I suppose for now i’ll settle for bookmarking and adding your RSS feed to my Google account. I look forward to new updates and will share this site with my Facebook group. Chat soon!

    lebron james shoes for sale|

  9. Hello,

    Thanks so much for your tutorial! Just one note: In Plesk 11 at least, if you are going to create a certificate at the domain level (for a domain), you can only choose that (created) certificate at the domain level as well – not through the IP management.

    Thanks again, and cheers!


  10. Hello,

    Many Thanks for the tutorial!
    Unfortunately, We are facing problem to get it work under Plesk 11.5.30 on a CentOS 6.4 box. The problem is only with FireFox, site works perfectly fine when viewed from Chrome / IE. It throws the following error when viewed from FF:
    (Error code: sec_error_unknown_issuer)

    We contacted StartSSL and they mentioned to make sure we have following apache configuration:
    SSLCertificateFile /usr/local/apache/conf/ssl.crt
    SSLCertificateKeyFile /usr/local/apache/conf/ssl.key
    SSLCertificateChainFile /usr/local/apache/conf/
    SSLCACertificateFile /usr/local/apache/conf/ca.pem

    Again, in plesk 11.5 no way we could set the SSLCertificateChainFile.
    We tried all four following options for CA:

    catroot – as mentioned in this tutorial – does not work
    catroot – reverse order (cat ca.pem > catoot.pem) – does not work
    ca.pem – does not work – does not work

    Any pointer will be extremely helpful.

    Thanks in advace.

    Best Regards,
    Nirjhareswar Banerjee

  11. I had problems too getting this into plesk (11.5.30), the reason was, that the supplied PEM encoded intermediate and root certificates from startSSL are not PEM encoded in a way anyone would expect, at least they are not ASCII (base64) text file style. On the other hand the DER encoded certificates are perfectly good to go.

    You can therefore create your own working PEM files from the DER encoded crt files using openssl (tested on Linux):

    root# openssl x509 -in ca.crt -inform der -outform pem -out ca.pem
    root# openssl x509 -in -inform der -outform pem -out

    Hope this helps.

Deja una respuesta

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *