• Article for your preferred language does not exist. Below is international version of the article.
Versioni tradotte dell'articolo:

How do I set the SSL certificate for Plesk installed inside a Virtuozzo container?

  • Parallels Plesk Panel
  • Parallels Virtuozzo Containers


NOTE: This article is for Virtuozzo 2.6x/3.x/4.x systems with Parallels Plesk Control Panel 7x./8.x/9.x Containers. PVA (versions 4.5 and higher) is not supported.

For details on Virtuozzo 3.x/2.6.x version, please follow this procedure.
For details on Virtuozzo 3.x/4.x version and Parallels Plesk Panel 7.x/8.x/9.x, please follow this procedure.
For details on Parallels Plesk Panel 10, please follow this procedure.

If Parallels Plesk Panel (Plesk) is installed inside a Parallels Virtuozzo Containers (Virtuozzo) container and offline management is turned on for that container, then all requests to Plesk Panel port 8443 are intercepted by a Virtuozzo Service Container. If you set your own SSL certificate for Plesk Panel with the "Secure Control Panel" option, this certificate will not be used. Instead, a default SSL certificate installed inside a Virtuozzo Service Container will be used.

If you want to set up a separate SSL certificate into a container with Plesk:

For Virtuozzo 3.x/2.6.x version you may use the following instructions:

Lets assume we have container #101 with IP address '' and hostname 'plesk.example.com.'

1. Obtain the SSL certificate from container #101. It is accessible as a /vz/root/101/usr/local/psa/admin/conf/httpsd.pem file on a hardware node, split into separate files ( and files), which contain certificate and private key parts respectively. Place these files into a Service Container in the /vz/root/1/etc/vzcp directory.

2. Add the following section to the end of the /vz/root/1/etc/vzcp/httpd.conf file for the Virtuozzo 3.x:

ServerName "plesk.example.com"
ProxyPreserveHost On

RequestHeader set X_VZCP_API_VERSION 30000
RequestHeader set X_VZCP_PROXY_MODE 1
RequestHeader set X_VZCP_PSA_PORT 8443
RequestHeader set X_VZCP_PSA_PROTO https
RequestHeader set X_VZCP_PSA_BASE_URL /vz/cp/psa/frameset
RequestHeader set X_VZCP_PSA_NOSERV_URL /vz/cp/psa/noservice
RequestHeader set X_VZCP_PSA_RESTORE_URL /vz/cp/psa/restore_session
RequestHeader set X_VZCP_PSA_PASSWD_URL /vz/cp/restore-password

SSLEngine on
RewriteEngine on
RewriteRule ^/?$ /vz/cp/psa/frameset [R]
RewriteRule ^/vz/cp/?$ /vz/cp/psa/frameset [R]
RewriteRule ^/login\.php3.*$ /vz/cp/psa/frameset [R]
RewriteRule ^/(vz|psa|favicon.ico) - [L]
RewriteRule ^(/.*)$ http://%{SERVER_ADDR}:8880$1 [P,QSA]

SSLCertificateFile "/etc/vzcp/"
SSLCertificateKeyFile "/etc/vzcp/"

SetEnv VZCP_PORT 8443
SetEnv VZCP_PSA_BASE_URL /vz/cp/psa/frameset

ErrorDocument 502 "/vz/cp/psa/noservice"

If you need to use a CA Certificate, also add a SSLCACertificatePath directive and specify the path to the file that contains the CA Certificate.

NOTE: if you have Virtuozzo 2.6.2 installed, please change X_VZCP_API_VERSION to 20602 so that the corresponding line looks like this:

RequestHeader set X_VZCP_API_VERSION 20602

3. You may set the ServerName or check if it is possible to resolve the hostname by IP from inside a Service Container. You may add this line into /etc/hosts inside a Service Container if needed: plesk.example.com

4. Restart the 'vzcp' service inside a Service Container:

# vzctl exec 1 service vzcp restart

For Virtuozzo 3.x and 4.x version and Plesk 7.x, 8.x and 9.x: Download the attached ssl_cert_vzplesk.pl.gz file (see attachments at the end of the article). Extract and run it on the Virtuozzo node. Follow these instructions:

# gunzip ssl_cert_vzplesk.pl.gz
# ./ssl_cert_vzplesk.pl -h

NOTE: the attached script is working correctly for Parallels Plesk Control Panel 7.x, 8.x, and 9.x.

For Virtuozzo 4.x version and Plesk 9.x, you may also use this manual procedure:

In this example, we assume that we have Virtuozzo Container #101 with the hostname 'plesk9.example.com' (where Plesk is installed) and IP addresses '' and ''

1. First, it is necessary to obtain the SSL Certificate and Key for the Plesk Container #101. Then save them as files /etc/vzcp/plesk-$CTID.pem inside Service Container #1.

Example of the content:

[root@HW_NODE ~]# cat /vz/root/1/etc/vzcp/plesk-101.pem
key body here

certificate body here

2. iA /etc/vzcp/addon_httpd_conf/plesk9-ssl.conf file should be created inside the Service Container with content such as below:

# cat /vz/root/1/etc/vzcp/addon_httpd_conf/plesk9-ssl.conf
  ServerName plesk9.example.com

# mod_proxy must  send Host: field from client request to backend as-is
# This header used by psa apache for calculate some significant varibles like
# server_name
  ProxyPreserveHost On

# when turn SSLEnginge OFF, remember correct redirect cookie:

 RequestHeader set X_VZCP_PROXY_MODE 1
# take care about sync "API" and functionality in xsl code.
        RequestHeader set X_VZCP_API_VERSION    30000
  RequestHeader set X_VZCP_PSA_PORT 8443
  RequestHeader set X_VZCP_PSA_PROTO https
  RequestHeader set X_VZCP_PSA_BASE_URL    /vz/cp/panel/plesk/frameset
  RequestHeader set X_VZCP_PSA_NOSERV_URL  /vz/cp/panel/plesk/noservice
  RequestHeader set X_VZCP_PSA_RESTORE_URL /vz/cp/panel/plesk/restore_session
  RequestHeader set X_VZCP_PSA_PASSWD_URL  /vz/cp/restore-password

 SSLEngine on
  SSLCertificateFile "/etc/vzcp/plesk-101.pem"
  SSLCertificateKeyFile "/etc/vzcp/plesk-101.pem"

 RewriteEngine on
  RewriteRule ^/?$ /vz/cp/panel/plesk/frameset [R]
  RewriteRule ^/vz/cp/?$ /vz/cp/panel/plesk/frameset [R]
  # For correct SSO work the next rule must be replaced by:
  # RewriteCond %{QUERY_STRING}  ^previous_page=login_up
  # RewriteRule ^/index\.php /vz/cp/panel/plesk/frameset [R]
  RewriteRule ^/login\.php3.*$ /vz/cp/panel/plesk/frameset [R]
  RewriteRule ^/(vz|psa|favicon.ico) - [L]
  RewriteRule ^(/.*)$
http://%{SERVER_ADDR}:8880$1 [P,QSA]

 SetEnv VZCP_PORT 8443
  SetEnv VZCP_PSA_BASE_URL /vz/cp/panel/plesk/frameset

 ErrorDocument 502 /vz/cp/panel/plesk/noservice

3. The config file 'plesk9-ssl.conf' should be included in /vz/root/1/etc/vzcp/httpd.conf with the following line after including 'plesk.conf':

  Include /etc/vzcp/addon_httpd_conf/plesk9-ssl.conf

4. Restart the Virtuozzo Control Panel service in order to apply changes:

# vzctl exec2 1 service vzcp restart

Power Panel does not work with Plesk 10.x.  
This part of Offline Management must be disabled as stated in the Plesk Deployment Guide.


909d99074e442b52ce54cc7b31cf065d 49af2da0f2dd4c81e962790bbbd0c2b4 56797cefb1efc9130f7c48a7d1db0f0c 2897d76d56d2010f4e3a28f864d69223

Questo articolo è stato utile?
Facci sapere come possiamo migliorarlo.
Virtualizzazione di Desktop
- Parallels Desktop 8 per Mac
- Parallels Desktop Switch to Mac Edition
- Enterprise
- Parallels Desktop per Mac Enterprise Edition
- Parallels Management Suite per Microsoft SCCM
- Tutti i Prodotti di virtualizzazione di desktop »
Piattaforme di Hosting & di Automazione di Cloud
Parallels Plesk Panel Suite
- Parallels Plesk Panel
- Parallels Plesk Automation
- Parallels Web Presence
Parallels Automation Suite
- Parallels Automation
- Parallels Automation for Cloud Infrastructure
- Parallels Business Automation Standard
Parallels Virtualization Suite
- Parallels Cloud Server
- Parallels Virtuozzo Containers
- Parallels Virtual Automation
Servizi & Risorse
- Services Cloud Acceleration
- Servizi professionali
- Servizi di supporto
- Training & Certificazione