Updating an SSL certificate on Plesk Parallels

I seem to keep forgetting the steps here, when I have to re-do it every few years.

  1. Create a CA bundle file, in the proper order, via the steps here.
  2. In the Plesk dashboard (tested in v9.5.4), go to Home->Domains->yourdomain.com->SSL Certificates, and add a new one.  Paste in, or upload your certificate file for “Certificate” and the bundle file for “CA Certificate”.  I think the first time through, you may have to add in the private key file as well.
  3. Go up a level to Web Hosting Settings and select the new certificate you just made.
  4. Go to Home->Services Management, and stop Apache and then start it.  This step may be extraneous.
  5. You’re not done yet!  Now put the bundle file, certificate, and private key somewhere safe on the server filesystem.  The first two may now be in /usr/local/psa/var/certificates/ but it’s not clear they are ever used – at any rate we’ll ignore them.
  6. Update /etc/httpd/conf.d/ssl.conf with the following:
    # This seems to override whatever is in the domain VirtualHost.
     SSLCertificateFile /path/to/domain_com.crt
     SSLCertificateKeyFile /path/to/domain.com.key
     SSLCACertificateFile /path/to/domain_com.ca-bundle
    
  7. Now bounce Apache again.  You’ll see the new certificate.

If you run into trouble you can check this out for details on how to verify the SSL certificate being sent.

Leave a Reply

Your email address will not be published. Required fields are marked *