How to Install a Free SSL Certificate in Plesk (Step by Step)

Plesk SSL installation is one of the quickest ways to move your site to HTTPS in just a few minutes. The Plesk interface differs from cPanel: the menu names and screen layout are different. In this guide we walk you through uploading the free certificate you downloaded into the Plesk panel and assigning it to your domain from start to finish. If you do not have a certificate yet, first grab your files as a single ZIP with our free SSL wizard.

Required files

The three pieces of text you will paste into Plesk are already waiting inside your ZIP archive:

  • certificate.crt — the certificate for your domain (Certificate field)
  • private.key — the private key (Private Key field)
  • ca_bundle.crt — the intermediate chain (CA Certificate field)

You can open these files in a text editor and copy their contents, or upload them directly to Plesk. The fullchain and .pfx files are for other scenarios; in the classic Plesk flow these three fields are all you need.

Step 1 — The SSL/TLS Certificates screen

Log in to your Plesk panel and go to Websites & Domains in the left menu. Find the card for the relevant domain, open it, and click the SSL/TLS Certificates link. This screen lists every certificate belonging to that domain.

On the page that opens, click the Add SSL/TLS Certificate button. A new certificate form appears.

Step 2 — Adding the certificate and key

At the top of the form is the Certificate name field; type a name you will recognize (for example 90dayfreessl-2026). Below it, in the Upload the certificate files section, you will see two options.

  1. Paste as text: In the three text boxes at the bottom of the page, paste the following in order:
    • Private Key (*.key) → contents of private.key
    • Certificate (*.crt) → contents of certificate.crt
    • CA Certificate (*-ca.crt) → contents of ca_bundle.crt
  2. Upload files: Alternatively, in the Upload the certificate files box, use Browse to pick each file for its field.

When pasting, include the -----BEGIN----- and -----END----- lines. Then click Upload Certificate (or the Save button at the bottom). The certificate is now added to the list.

Tip: If the key and certificate do not match, Plesk shows a "key does not match" warning. In that case, make sure you took both files from the same ZIP.

Step 3 — Assigning the certificate to the domain

Adding the certificate is not enough on its own; you must bind it to the domain. There are two ways:

  • Via Hosting Settings: Websites & Domains → domain → Hosting Settings. Under the Security heading, check the SSL/TLS support box and pick the certificate you just added from the Certificate drop-down. Save with OK.
  • Via Secure your sites: In some Plesk versions, the Secure your sites button on the SSL/TLS Certificates screen assigns the certificate directly.

Step 4 — HTTPS redirection

To make visitors always reach HTTPS instead of HTTP, enable a permanent redirect. On the Hosting Settings screen, just below where you enabled SSL support, check the Permanent SEO-safe 301 redirect from HTTP to HTTPS box and save with OK.

Because this option uses a 301 (permanent) redirect, search engines treat the HTTPS version as the canonical address and your SEO value is preserved. You do not need to write a manual .htaccess rule.

Verification and renewal

Open your site in a browser with https:// and look at the lock icon in the address bar. If the lock appears and the validity date in the certificate details is correct, the installation is complete. If you like, use an independent SSL testing tool to confirm the chain (CA Bundle) loaded fully.

Free certificates are valid for 90 days. A few days before expiry, repeat the same steps from this article: get the new ZIP with our free SSL wizard, add the new files in Plesk via Add SSL/TLS Certificate, and reassign them to the domain. The email reminder keeps you from missing the date.

Summary

Plesk SSL installation comes down to this chain: get the files → add them on the SSL/TLS Certificates screen → assign to the domain → enable the HTTPS redirect → verify the lock. Repeat the same loop every 90 days and your site stays encrypted without interruption. To start right now, download your CRT, KEY and CA Bundle as a single ZIP with our free SSL wizard.