Question

When I login to plesk via SSH link it shows unsecured on browser. Please help.

Posted November 2, 2019 647 views
WordPressSecurityControl Panels

I’m logging into an IP address but it shows unsecured. How do I secure it via an SSL? Note that my websites inside wordpress are SSL secured. Just need help with plesk being unsecure.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
4 answers

Hello,

It happens usually when the SSL certificate assigned to Plesk is expired or self-signed.

I would recommend following the steps from the official Plesk documentation here on how to fix that problem:

https://support.plesk.com/hc/en-us/articles/213954265

Hope that this helps!
Regards,
Bobby

So I tried following the steps for Let’s Encrypt part. I’m unsure what must enter in the domain name section. I tried entering the IP address but that’s not allowed.

Tried entering droplets name.local and it says Error: Could not issue a Let’s Encrypt SSL/TLS certificate for ‘Droplet name.local’

Perhaps this domain is at risk group and is blacklisted on the Let’s Encrypt side.

So no IP addresses and no droplet name. What exactly should I enter in there?

  • Hi @notslow ,

    So if you would like to use the HTTPS protocol (secured HTTP), you will need a certificate. Like @bobbyiliev mentioned, if you do not get a valid cert you will get a warning. You can still continue tho, by ignoring the warning and clicking “Continue” in your browser.

    If you like to create a free Let’s Encrypt SSL certificate you need a domain to be used. Certificates are bound to domains like example.com and can not be binded to an IP address. That’s why your setup above isn’t working.

    Hope this helped you. If not, feel free to request some more help

    • Hi @ForYourIT,

      I’m having the same issues as OP.

      I created a sub domain so I can secure plesk but not sure what to do next.

      When I go to plesk>tools&settings>ssl/tls certificates>let’s encrypt

      Then I enter my domain name, then my email address and click on renew. I get the following message:
      Information: A new Let’s Encrypt certificate has been generated for (sub domain).

      But I still see the “not secure” warning

      Any help in this matter is appreciated.

      Thanks,

      Paul G

Hi @pauljgonzales30 , please try the following and see if that works.

  1. Return to the Websites & Domains tab and click on Hosting settings next to the domain in question.
  2. On the next page locate the Security section, select the certificate from the drop-down list and make sure that SSL Support is checked.
  3. Click OK at the bottom of the page to save the changes.

The site should be accessible via https:// from now. You can check the installation using this tool:

Hi @ForYourIT,

I think I got it working. Thanks a lot.

A couple of follow up questions:

  1. So when I log in with putty and I input my IP, then my id and password then copy and paste the URL in my browser, the plesk website still shows unsecured. But when I log in through my domain it shows secure. Is there a difference between either of them?
  2. Which one is more secure? and which one you would recommend for me to use when login into plesk?

I’m fairly new to using Plesk and I’m trying to learn as I go.

Thanks in advance for your time and help.

Best,

Paul G

  • Hi Paul,

    No problem!

    1. Yes, SSL certificates are authenticated and verified based on a domain name associated with it. Because of this, the HTTPS will only be secure when using the domain.
    2. As explained above ;) To add on this, I would recommend only allowing the domain by redirecting the IP. You can find more about this at the Plesk help page.

    Hope this helps you!
    ~Bjorn

    • Hi Bjorn,

      It worked. thanks a lot!

      So just to make sure I did it right. When I login through SSH (putty) and I log in with my credentials and then copy and paste the URL to my browser, it redirects to my domain.

      Is that correct? or should I follow the steps to redirect my domain to my server hostname? Is that safer?

      Thanks in advance,

      Paul G

Submit an Answer