Scenario:
My server's main IP is 123.123.123.123
So my Plesk entry is on IP 123.123.123.123:8443
I have host.mydomain.com as hostname
So, obviously the hostname is nested on the domain mydomain.com
Mydomain.com is hosted on the main IP 123.123.123.123
As the result my entery to Plesk shows https://host.mydomain.com:8443

Problem:
I ordered a starterSSL for mydomain.com, thinking that by applying the certificate to mydomain.com I can automatically certify the Plesk entry, which uses the same IP, and the hostname that is related to mydomain.com

I installed the certificate, and spent a whole lot of time trying to figure out why it not only fail to work on host.mydomain.com:8443, but also fail on https://www.mydomain.com. Read all documentation from Plesk and every thread here, and finally gave up and sent in a ticket.

The answer from EV1 support came as that I could not use the certificate for mydomain.com if it is hosted on the main IP, and that I must host mydomain.com on an additional IP if I wanted to apply the certificate on this domain.

OK. I am a little confused here. First, if I host mydomain.com on an additional IP, how could that cover the Plesk entry on a different IP?

Second, if I host mydomain.com on a different IP, how does it effect the hostname, host.mydomain.com, that is, to my understanding, pointing to the server IP? Since mydomain.com will be on 567.567.567.567, would I need to make the 'A' entry for host.mydomain.com back to the server IP 123.123.123.123?

Ultimately, my question is, what is the proper procedure to apply an SSL certificate to Plesk's entry so that the customers won't see that security warning when accessing Plesk?

Hope someone can help.

Sam

Ok, this was some what very hard for me to do as well and the information from ev1servers was not all that helpful but it got me thinking so it was info in the right place. So i'll break it down like this for everyone looking to use their main domain along with plesk and have plesk be able to use your SSL.

First make sure you goto the server link in plesk and then goto IP Pool click on the main IP that you use for your server and set the server cert to the default cert. This is very important in order to start the processe of setting up your real cert attached to your ded ip for the box/server.

Next, If you have a cert that was set up in domains >>certificates you'll want to remove the cert and this should be able to be done now that you sent the cert for your main ip to the default cert.

Click on the server link to the left in the plesk menu and then goto Certificates button and click on it. No matter what you do you'll need to generate a new csr & key to send in to the company you ordered your SSL cert from this way they can generate you an new SSL cert for the area you need it in cause the one you made if you made one under Domains >>Certificates will not work.

Now once you have the info and certs back from your SSL cert provider you want to go back to server >>certificates and then click on the certificate you newly generated the csr/key for and then scroll down to where you can browse to add the certificate and the CA files. Now load the files and once you're done doing that you'll want to go back to servers >>IP Pool and select your main IP and use the drop down menu to select your new cert which will be whatever you named it when you generated the new csr / key files.

once you set the cert to the main IP you should have a crown next to the left of the IP. Now this is important cause you're not done yet you need to go back to server >>Certificates and check the box next to your certificate and set it as the default cert after that make sure the box is checked still and select setup <----Careful make sure you read and do what it says while it's trying to set your certificate. after all that you should be done.


I know this is shabby but i'm typing this fast cause i have little time. so, Recap.

1. Make sure you have no certificates listed under Domains >>Certificates that is for your Domain and the Main IP to the box / server.

2 Your certificate for the box / server is gonna be placed at the Server >>Certificates area NOT the domains >> certificates area.

3. Make sure you set the main IP to the box / Server to the default certificates in the Server >>IP Pool area.

4. Make sure you send in your NEW csr file to the SSL cert provider make make sure it's generated from step 1 area.

5. Once added make sure you set the IP to the new certificate and then go back and make sure you use setup after you set the cert as default notice i said default.


Well i'm not proof reading this but if you have any questions or you need help and don't understand you can send me an email to mberger@dinoshells.com and i'll try to help you.

- Mark