Each reseller connects their own Cloudflare account. Plesk DNS is mirrored to Cloudflare automatically, and wildcard Let's Encrypt certificates are issued over DNS-01 — so SSL keeps renewing even behind Cloudflare's proxy.
Running Cloudflare in front of a Plesk server usually means manual DNS copying and SSL that breaks every 90 days. This fixes both — per reseller, safely isolated.
The stock Cloudflare extension is admin-global: every reseller sees the same account. Here each reseller connects their own API token, encrypted at rest and scoped to their own domains only. No reseller can see another's connection or records.
Add a subdomain in Plesk and Cloudflare never hears about it. This mirrors Plesk's DNS zone to Cloudflare automatically — creates, updates and deletes — and a daily job catches any drift. Records you added by hand in Cloudflare are never touched.
HTTP-01 validation fails once Cloudflare's proxy is on, so certs expire every 90 days.
This issues a base + *.domain wildcard over the DNS-01
challenge and renews it automatically — validation never touches your web server.
Set up once from the reseller's own panel. Everything after that is automatic.
The reseller pastes their Cloudflare API token. It's verified, encrypted, and bound to their account only.
Existing Cloudflare records are pulled into Plesk first, so nothing already live is lost before the first push.
Plesk DNS is pushed to Cloudflare and kept in sync as domains change — automatically, through Plesk's DNS backend.
Issue a wildcard certificate for the domain in one click. It renews itself before expiry, behind the proxy.
No SSH, no acme.sh config, no cron editing. It's all driven from the reseller and domain screens they already use.
Own token, own domains, encrypted at rest. A hard scope check on every action.
Create / update / delete mirrored live through Plesk's DNS custom backend, plus a daily reconcile to catch drift.
Base + *.domain Let's Encrypt certs, imported into Plesk, auto-renewed before
expiry.
Choose DNS-only or the orange-cloud proxy per domain. DNS-only by default.
Only records the extension created are tagged and managed; anything a reseller set by hand in Cloudflare is left alone.
A tile on each domain's dashboard and a link in the sidebar — no hunting through menus.
Plesk ships a free official Cloudflare extension. It works — for a single administrator. The moment you run a server full of resellers, the differences matter.
| Official “DNS Integration for Cloudflare” | Cloudflare DNS & SSL (this extension) | |
|---|---|---|
| Who it's built for | Admin-centric. Domains and settings are managed server-wide. | Per-reseller. Each reseller connects and manages their own domains. |
| Cloudflare account | One connection, configured by the admin for the whole server. | One per reseller — each token encrypted and scoped to that reseller only. |
| Isolation between resellers | None — it's not designed around resellers. | Hard isolation. A reseller can never see or touch another's connection or records. |
| Your existing DNS records | Import warns: “Custom records in Plesk will be lost”; export removes other records from Cloudflare. | Never destroyed. Import-first flow; records you added by hand are tagged and left untouched. |
| Setup | Server-wide tuning lives in the panel.ini file. |
Zero config files. Everything is driven from the panel screens resellers already use. |
| Bulk limits | Up to 50 domains exportable at once. | No hard cap — bounded only by your plan. |
| Wildcard SSL (DNS-01) | Yes | Yes, per reseller, with automatic renewal behind the proxy. |
| Price | Free | Free tier + one-time Pro (€59) / Max (€199). No subscription. |
Bottom line: if one administrator manages every domain, the free extension is fine. If you sell hosting to resellers, they each need their own Cloudflare — isolated, safe with their existing records, and set up without touching a config file. That's exactly what this does.
Buy once, use forever — no subscription. The plan sets how many Cloudflare-managed domains each reseller can run.
Upload the extension in Plesk, then each reseller connects their own Cloudflare token. Enter a license key on the admin About tab to unlock Pro or Max.
Extensions → My Extensions → Upload the cfdns.zip package.
Admin → Cloudflare DNS & SSL → About → paste your Pro/Max key.
Each reseller adds their Cloudflare API token from their own panel.
Sync DNS and issue wildcard SSL — from the domain dashboard.
No. Each token is encrypted and bound to that reseller's client account, and every action is scoped to the domains they own. There is no shared, admin-global connection.
No. Only records the extension created are tagged as managed and kept in sync. Anything you added by hand in Cloudflare is left untouched, and the import step pulls existing records into Plesk before the first push.
It validates over the DNS-01 challenge — a temporary TXT record on Cloudflare — instead of HTTP-01. That never touches your web server, so the orange-cloud proxy doesn't break renewal. Certificates are imported into Plesk and renewed automatically before expiry.
A domain counts once you sync it to Cloudflare through the extension. Free allows 1 per reseller, Pro 5, and Max is unlimited. Re-syncing a domain you already manage never counts again.
No. Pro (€59) and Max (€199) are one-time purchases with free updates. The key is entered once by the server admin and applies server-wide.
Isolated connections, automatic DNS sync, and wildcard SSL that renews itself — all from the Plesk panel.
Get Cloudflare DNS & SSL