Allow importing external DNSSEC keys (KSK/ZSK) into Plesk DNSSEC interface
Allow importing external DNSSEC keys (KSK/ZSK) into Plesk DNSSEC interface
Currently, Plesk’s “Use Existing Keys” DNSSEC feature only works if keys were previously generated by Plesk itself and are already present in its internal database.
There is no way to import an externally generated KSK/ZSK key pair into Plesk’s DNSSEC interface, which makes DNSSEC domain migrations difficult. Users are forced to either rotate the keys and notify the parent zone (risking downtime) or perform manual workarounds outside the GUI.
It would be valuable to add a supported method in Plesk to import legacy DNSSEC keys, allowing seamless migration of already-signed zones without modifying DS records or disturbing existing trust chains.
Use Case: I migrated a DNSSEC-enabled domain from another system to Plesk and had to manually place the legacy keys into /var/named/chroot/var/keys/domain.tld and restart DNS services. While this workaround appears functional, it’s unsupported and confusing to the UI.
Plesk Tech Support
shared this idea