Securing Your Websites with the SSL It! Extension in Plesk Obsidian

SSL It! UPDATE Feb 2022

Converting Let’s Encrypt from a standalone extension into a plugin for SSL It!

Let’s Encrypt is an SSL solution offered by Plesk. However, from February 2022, Let’s Encrypt on Plesk will be converted into a plugin for the SSL It! Extension.

How does this affect SSL It! Customers?

With the added features from the Let’s Encrypt solution, you will now have even more SSL options for your sites and domains. You don’t need to take any action.

How does this affect Let’s Encrypt customers?

You keep the same features: all existing Let’s Encrypt certificates will remain and be kept up-to-date, although issuing and installing new certificates must be done through SSL It!. You also get the additional features already available from SSL It! (as outlined below).

We have tried to make the transfer from Let’s Encrypt to SSL It! as easy as possible. All you need to do is install SSL It! and your new extension inherits some Let’s Encrypt settings and a new UI view on your SSL/TLS Certificate page. Nonetheless, SSL It! will be installed automatically as the Let’s Encrypt extension replacement after March 15th. To limit the ability to order paid SSL certificates, see here.

For more information, see the Change Log on the topic.

Securing your website with SSL is essential to ensure the privacy of your visitors and that you’re found online in 2020. Encrypt All The Things and Google’s push for more SSL adoption mean SSL is rapidly becoming the new standard. As a result, without SSL on your website, you risk a poor experience for your users and falling rankings. So, to solve this dilemma, we’ve developed the SSL It! extension.

It allows you to keep your websites secured with certificates from trusted certificate authorities (CAs) Let’s Encrypt and DigiCert (Symantec, GeoTrust, and RapidSSL brands), or with any other SSL/TLS certificate.

SSL It! comes already installed by default, and you can do everything from one, easy-to-use interface. You need the latest versions of the DigiCert SSL and Let’s Encrypt extensions to also be installed to get the most from it, but apart from that, it’s ready to go out-of-the-box.

To give you an idea of what the extension can help you do, here’s a rundown of its main features:

  • HTTP to HTTPS redirects to enhance the security of your website’s visitors
  • Prohibits web browsers from accessing your website via insecure HTTP connections
  • Improves website performance and protects privacy with OCSP Stapling
  • Uses protocols and ciphers generated by Mozilla to make connections encrypted with SSL/TLS certificates more secure

SSL It! is a free extension, but SSL certificates themselves can be paid. Before we get into all that, let’s have a look at how you can use it to elevate your security.

Evaluating the SSL security of your website

Using the SSL It! extension, you can run one of the most popular testing services, Qualys SSL Labs, to check how good the SSL protection of your site is and discover what you can do to improve it.

Evaluating the SSL security of your website is as easy as doing the following:

  1. Go to Websites & Domains > your domain > SSL/TLS Certificates
  2. Click “Run SSL Labs Test”

The Qualys SSL Labs website will open in a new tab and the test will start automatically. Simply wait a few minutes until the test is finished, and you will receive a grade.

The highest possible grade is A+. If you secure your website with a valid SSL/TLS certificate from a trusted CA, and have turned on all security-enhancing features within the SSL It! extension (both steps we’ll look at next), you’re likely to receive top marks.

Securing websites with SSL/TLS certificates

To manage the SSL/TLS certificate of a domain, you first need to go to Websites & Domains > your domain. There you can see the current security status of your domain under SSL/TLS Certificates.

As you can see in the Tips & Tricks video below, by clicking SSL/TLS certificates you will see a list of certificates, all with clear descriptions so you can pick the right one for your needs.

For example, in the video, we select the Let’s Encrypt certificate. All that needs to be done next is to enter a valid email address and choose what you want to secure. The first option, domain and the selected components, is a good option if you’re not sure what DNS settings you have in place.

On the next page, you’ll see that your domain and the selected components are now secured. From here, you can run the SSL Labs Test to see how secure your domain is. Like in the video, it’s likely your website will now score an A. You can improve your security further and raise this to the maximum score, A+, by turning on the four TLS-related options and syncing TLS versions with Mozilla’s free service.

Enhancing the security of your websites

SSL It! will ensure your website is secured with a valid SSL certificate from a trusted CA. But this is not enough to ensure all-round protection. In particular, this extension contains four options that, when configured, will improve your website’s performance, enhance the security of your visitors, and harden the security of all servers’ encrypted connections. On top of this, enabling these features will boost your SSL Labs Test score to A+ and raise your website up the search engine rankings.

Here are the four options, with details of how they secure your website:

Redirect from HTTP to HTTPS:

The first option, redirect from HTTP to HTTPS, sets up a permanent, SEO-safe 301 redirect from the insecure HTTP to the secure HTTPS version of the website and/or webmail.

HSTS:

The second option, HSTS, prohibits web browsers from accessing your website via insecure HTTP connections. If visitors are unable to connect via HTTPS, for instance, because your certificate has expired, your website will become unavailable.

Keep websites secure:

The third option replaces expired or self-signed SSL certificates with free valid certificates from Let’s Encrypt. It covers each domain, subdomain, domain alias and webmail belonging to the subscription.

OCSP Stapling:

The last option, OCSP Stapling, makes the web server, rather than the visitor’s browser, request the status of the website’s certificate from the CA.
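
To confirm that the redirect and HSTS options described above are really in effect, you can check the responses your site returns over HTTP and HTTPS. The following is an added example, not code from Plesk or the SSL It! extension; the function names, the 180-day minimum for max-age, and the expectation that the redirect stays on the same host name are assumptions, and the sample responses are constructed.

```python
from urllib.parse import urlsplit

MIN_AGE = 15552000  # assumed policy threshold: 180 days, in seconds

def parse_hsts(value):
    """Split a Strict-Transport-Security value into {directive: argument}."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"')
    return directives

def audit(host, http_resp, https_resp):
    """Return findings for one site; an empty list means both options look right.
    Each response is a (status, headers) pair for GET / over that scheme."""
    findings = []
    status, headers = http_resp
    headers = {k.lower(): v for k, v in headers.items()}
    target = urlsplit(headers.get("location", ""))
    if status != 301:
        findings.append(f"HTTP answered {status}, expected a permanent 301")
    if target.scheme != "https" or target.hostname != host.lower():
        findings.append("redirect does not lead to https:// on the same host")
    if "strict-transport-security" in headers:
        findings.append("HSTS header sent over HTTP, where browsers ignore it")

    status, headers = https_resp
    headers = {k.lower(): v for k, v in headers.items()}
    hsts = headers.get("strict-transport-security")
    if hsts is None:
        findings.append("HTTPS response carries no Strict-Transport-Security")
        return findings
    age = parse_hsts(hsts).get("max-age", "")
    if not age.isdecimal():
        findings.append("HSTS max-age is missing or not a number")
    elif int(age) < MIN_AGE:
        findings.append(f"HSTS max-age {age} is below {MIN_AGE} seconds")
    return findings

# Constructed sample responses, not captured from a real server.
GOOD_HTTP = (301, {"Location": "https://example.com/"})
GOOD_HTTPS = (200, {"Strict-Transport-Security": "max-age=15768000; includeSubDomains"})
BAD_HTTP = (302, {"Location": "http://example.com/index.html"})
BAD_HTTPS = (200, {"strict-transport-security": "max-age=300"})

if __name__ == "__main__":
    for label, pair in (("good", (GOOD_HTTP, GOOD_HTTPS)), ("bad", (BAD_HTTP, BAD_HTTPS))):
        print(label, audit("example.com", *pair))
```

To use it against your own site, replace the constructed tuples with the status code and headers you see for a request to http:// and https:// on your domain.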

On this page, you will also see there are ciphers managed by Mozilla which are constantly being updated. Click on TLS versions and ciphers by Mozilla to go to the settings page, and if you want to use the latest, click Sync now.

With your certificate installed, the four TLS-related options on, and ciphers synced, you can now do another run of SSL Labs Test. All that’s left to do is bask in the glory of your website’s A+ security rating.

There are many more things you can do to improve your website’s security within the extension, such as acquiring a paid SSL/TLS certificate or uploading your own. Check out this guide for more detailed info.

What is your experience with this extension? Share your thoughts or drop us a question or two by heading to the comments below!

9 Comments

  1. Does this also protect the mailserver? Because after installing a mailserver certificate, clients have a lot of trouble connecting

  2. Okay, but I cannot find the place where I can “select the created certificate” to do the trick?
    Please advise, thx, Frank

  3. Hello there,

    The process of certificate uploading was simplified in SSL It! extension.
    As all required information is already contained in the .pem file, the only action which should be done is uploading .pem file at Domains > example.com > SSL/TLS Certificates > Upload…

    As described on this article:
    https://support.plesk.com/hc/en-us/articles/360002205273?page=1#comment_360001098340

    I’m doing the same from my SSL It! window, which looks like this:
    https://prnt.sc/rnu53w

    I copied my certificates with the private key (which I purchased from Comodo) into a .pem file in the following format:
    -----BEGIN RSA PRIVATE KEY-----
    (Your Private Key: your_domain_name.key)
    -----END RSA PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
    (Your Primary SSL certificate: your_domain_name.crt)
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    (Your Intermediate certificate: DigiCertCA.crt)
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    (Your Root certificate: TrustedRoot.crt)
    -----END CERTIFICATE-----

    Then I uploaded it as described above.
    After I uploaded it I got this notification:
    https://prnt.sc/rnuap4

    And nothing happened!
    It still shows that my site is not secured.
    This is how it looks in my Advisor window:
    https://prnt.sc/rnujz5

    Since I’m not allowed to manage my certificate in my plan..
    Do you have further guides that could help, please!
    I would appreciate it very much.
    Waiting for your reply.

    Thank you!

  4. This is real super information. Thanks for sharing!

    • Hi Nuno,

      Thank you for clarifying by adding the thread. We suggest you submit a request with our Plesk Support to make sure someone can take a deeper look at your situation. Hopefully, this helps.
