How to Install a GoDaddy SSL Certificate on Plesk Windows Hosting

By Mark D. Albin, MS

A clear, no-guesswork walkthrough from IT Master Services — including the one mistake that causes most GoDaddy + Plesk SSL errors.

Installing a purchased GoDaddy SSL certificate on GoDaddy Windows Hosting with Plesk should be a five-minute job. In practice, it derails constantly — not because it's hard, but because GoDaddy's own instructions blur the difference between two files that must go in two different places. Get that one thing right and the rest is easy.

The single most important rule: your domain certificate and the CA / intermediate bundle are two different files that go into two different Plesk fields. The domain certificate goes in the Certificate (*.crt) field; the GoDaddy bundle goes in the CA certificate field. Swap them and Plesk throws confusing errors.

Before You Begin

This guide covers installing a certificate that GoDaddy has already issued. A few things need to be in place first:

  • A CSR and private key generated in Plesk. In Plesk, under Websites & Domains → SSL/TLS Certificates, you create a certificate entry that generates a Certificate Signing Request (CSR) and its matching private key. This private key never leaves Plesk — and your issued certificate must match it. If your certificate was requested with a CSR from somewhere else, you'll need to rekey it in GoDaddy using the CSR from Plesk.
  • An issued GoDaddy certificate. In your GoDaddy account, the SSL status should read Certificate issued for your domain.
  • Admin access to Plesk for the hosting account.

Quick Reference: Which File Goes Where

Plesk Field Correct File
Certificate (*.crt) Your domain / site certificate — a .crt file, often named with a long hash (for example yourdomain.crt). This is the file that matches your Plesk private key.
CA certificate (*-ca.crt) The GoDaddy CA / intermediate bundle — typically named like gd_bundle-g2.crt or gd-g2-bundle.crt.pem. This proves the chain of trust up to GoDaddy's root.
Do not use for CA A .pem copy of your domain certificate. Unless GoDaddy/Plesk specifically tells you to, this is just the domain certificate again — not the CA bundle.

Step 1: Confirm the Certificate Is Issued and Download the Files

In your GoDaddy Certificate Details, confirm the status shows Certificate issued and that the listed domain name is correct. Then download the certificate.

For Windows Hosting with Plesk, GoDaddy commonly offers an IIS download. If Plesk needs the CA bundle as a separate .crt/.pem file, download the certificate again choosing Apache or Other — that package includes the domain certificate and a separate CA/intermediate bundle file. You want both.

Step 2: Open the Right Certificate Entry in Plesk

In Plesk, go to Websites & Domains → your domain → SSL/TLS Certificates. Open the same certificate entry that generated your CSR and private key — not a new blank one. This is what ties the certificate to the correct key.

Step 3: Upload the Domain Certificate

Upload your domain certificate (the .crt file that matches the CSR) into the Certificate (*.crt) field, and save. Plesk should report that the certificate was updated successfully.

Step 4: Add the GoDaddy CA / Intermediate Bundle

Now upload the GoDaddy bundle into the CA certificate field. If Plesk rejects the file because of its extension (for example a .pem), simply make a copy and rename it to end in -ca.crt (for example gd_bundle-g2-ca.crt), then upload the renamed copy. You can also paste the bundle's contents directly into the CA certificate box.

Reading Plesk's certificate icons

Plesk marks each certificate record with small letters: R = CSR exists, K = private key exists, C = domain certificate exists, A = CA/intermediate certificate. If you see the certificate saved but the A icon still warns "CA Certificate part not supplied," it simply means the bundle isn't in the CA field yet — complete Step 4 and the warning clears.

Step 5: Assign the Certificate to Your Website

Go to Websites & Domains → Hosting Settings for the domain. Make sure SSL/TLS support is enabled, select your GoDaddy certificate from the drop-down, and save.

Step 6: Force HTTPS (Don't Skip This)

Installing the certificate doesn't automatically send visitors to the secure version of your site. In Hosting Settings (or the domain's Apache/nginx or IIS settings, depending on your plan), enable "Permanent SEO-safe 301 redirect from HTTP to HTTPS." This makes http:// requests redirect to https:// — important for both security and search rankings, since Google treats the two as different URLs.

Step 7: Validate the Installation

Open both https://example.com and https://www.example.com in a browser (using your real domain) and confirm the padlock appears with no warnings. Testing both the bare domain and the www version matters — visitors use both.

Then run the free Qualys SSL Labs Server Test to confirm the certificate chain is complete and trusted. A well-installed certificate typically scores an A or A-. An A- is often just a note about server protocol support (see the troubleshooting note below), not a problem with your certificate.

Common Errors and How to Fix Them

Plesk Message Cause Fix
"CA Certificate part not supplied" The CA/intermediate bundle hasn't been added to the CA certificate field. Upload or paste the GoDaddy bundle into the CA certificate field (Step 4).
"Unable to find the appropriate private key for the certificate" The bundle was uploaded as the main certificate, or the certificate was issued from a different CSR than the one in Plesk. Put the domain certificate in the Certificate field and the bundle only in the CA field. If it still fails, rekey the certificate in GoDaddy using the CSR generated in Plesk.
SSL Labs reports "TLS 1.3 not supported" Server-level TLS capability on shared Windows hosting. This is controlled by the hosting platform, not your certificate. TLS 1.2 with a trusted certificate is still widely accepted.

Prefer a Free, Auto-Renewing Certificate?

If you don't specifically need a paid GoDaddy certificate, Plesk includes the free SSL It! extension, which can issue and automatically renew a free Let's Encrypt certificate for your domain (and its www and mail subdomains). Auto-renewal is the big advantage — it removes the risk of a certificate silently expiring and taking your site offline. A purchased certificate still makes sense when you need extended validation, a warranty, or a specific issuer.

Final Thoughts

The whole process comes down to one idea: the domain certificate and the CA bundle are different files, and they belong in different fields. Keep that straight, assign the certificate, force HTTPS, and validate — and you're done.

If you'd rather not touch certificates at all, that's exactly the kind of thing we handle. IT Master Services builds and maintains secure, professionally hosted websites — see our Website Development Services and Managed IT Services, or get in touch and we'll take care of it.

References

How to install a GoDaddy SSL certificate on Plesk Windows Hosting | IT Master Services