Plesk Let’s Encrypt extension behavior is governed by a number of
settings, for example:
- How far in advance of the expiration date Let’s
Encrypt Certificates are renewed. - Whether the requests to the
ACME
server are recorded in the Plesk log or not. - The size of the
RSA private
key, and so on.
You can change these settings by specifying custom values in the
[ext-letsencrypt] section of the panel.ini
configuration file. For example, to have Let’s Encrypt renew
certificates 45 days in advance and to change the size of the RSA
private key to 4096 bits, add the following section to the panel.ini
file:
[ext-letsencrypt]
renew-before-expiration = 45
rsa-key-size = 4096
Keeping websites secured with free SSL/TLS certificates from Let’s Encrypt
The Let’s Encrypt extension can automatically keep hosted websites
secured with free, trusted SSL/TLS certificates from Let’s Encrypt. This
feature can be turned on or off for every individual hosting plan. When
you turn this feature on for a hosting plan, for every domain,
subdomain, domain alias, or webmail that belongs to a subscription based
on that hosting plan and that is:
- Secured with a self-signed SSL/TLS certificate.
- Secured with an expired SSL/TLS certificate.
- Not secured with an SSL/TLS certificate.
the self-signed or expired SSL/TLS certificate is replaced with a Let’s
Encrypt certificate.
You can also have the Let’s Encrypt extension replace SSL/TLS
certificates that are not issued by one of the trusted certificate
authorities in addition to self-signed and expired SSL/TLS certificates.
To do so, set the check-domain-cert-authority setting to true. Read
more about the check-domain-cert-authority setting in “Let’s Encrypt
settings list”.
To keep websites secured with free SSL/TLS certificates from Let’s
Encrypt:
- Go to Service Plans.
- On the “Hosting Plans” tab, either click Add a Plan to create a
new plan or click the name of an existing plan…
with