Plesk has started April with one of its most meaningful Obsidian updates in recent months. Version 18.0.77, released on March 31, 2026, delivers a broad accessibility overhaul across the panel, introduces support for GoAccess as a new web statistics tool, launches the new ACME SSL extension, and includes a long list of fixes across backups, mail, Joomla, Route 53 integration, SSL management, and other core areas.
A few days later, on April 6, 2026, Plesk Obsidian 18.0.77 Update 1 followed with a smaller but still important maintenance release focused on Roundcube, OWASP ModSecurity CRS, and a usability fix for the built-in Code Editor.
The biggest story in 18.0.77 is not a single feature, but the scale of the interface work. Over the past year, Plesk says it has completed a major accessibility update across around 200 of the most frequently used pages in the interface, as well as in its most popular extensions. The stated goal is to move the product significantly closer to the expectations of the European Accessibility Act and WCAG 2.1 guidelines.
That effort includes better compatibility with screen readers such as VoiceOver, improved keyboard navigation, clearer and more consistent focus indicators, and support for scaling the interface up to 200%. For hosting providers, agencies, and service operators, this is more than a cosmetic update. It is a practical step toward reducing compliance risk while also making the panel easier to use for customers and administrators who rely on assistive technologies.
Another notable addition in 18.0.77 is support for GoAccess on Plesk for Linux, excluding CentOS 7 and CloudLinux 7. Plesk describes it as an open-source web log analyzer and interactive viewer that provides fast HTTP statistics and visual server reports. For administrators, that means another native option for traffic analysis, anomaly detection, and troubleshooting without relying solely on older reporting workflows.
The release also introduces ACME SSL, a new extension that adds native ACME protocol support to Plesk. It integrates with SSL It! and supports both wildcard and non-wildcard certificate issuance. It works with any ACME-compatible certificate authority, supports both HTTP-01 and DNS-01 challenge types, includes External Account Binding (EAB), and can automatically attempt certificate renewals before expiration. For teams that want more flexibility than the classic Let’s Encrypt flow, this is one of the most strategically useful additions in the release.
Plesk also made a few practical improvements based on customer feedback. It no longer requires an email address when requesting Let’s Encrypt certificates through SSL It!, and it rolled back recent changes to the built-in Code Editor. The editor will no longer open in a separate drawer, and support for tabs has been restored. That rollback is a good example of Plesk listening to panel users who preferred the older, more direct editing workflow.
At the same time, Plesk continues to retire legacy components. The APS Catalog has now been deprecated and removed from all Plesk Obsidian versions. Applications previously installed from APS will continue to work, but Plesk will no longer support APS applications going forward. In addition, Plesk has already warned that with the upcoming 18.0.78 release, support for the ngx_pagespeed.so module will be deprecated and removed from the sw-nginx package.
The core release also includes a long list of bug fixes. Among the more important ones are fixes for restoring password-protected scheduled backups stored in AWS S3, cases where changing a customer account password also changed the associated mailbox password, failures in MySQL backups when skip-name-resolve = 1 was enabled, incorrect messaging when suspending subscriptions, and multiple issues affecting Joomla! Toolkit, Amazon Route 53, SSL It!, and firewall extension migration behavior.
On the Linux side, 18.0.77 updated a number of third-party components, including Roundcube 1.6.14, security backports for older 1.4.x builds, sw-engine PHP 8.4.19, libarchive 3.8.6, OWASP ModSecurity CRS 4.24.1, PostgreSQL client library 18.3, Phusion Passenger 6.1.2, and libcurl 8.19.0. Windows also received major component refreshes, including newer versions of Node.js, .NET, Git for Windows, MailEnable Standard, and related PHP and security packages.
Then came 18.0.77 Update 1, which is small in scope but highly relevant in day-to-day administration. It fixes an issue where saving a file in Code Editor would incorrectly take the user back to the domain’s home directory instead of keeping them inside the folder containing the edited file. It also updates OWASP ModSecurity CRS to 4.25.0, and on Linux updates Roundcube from 1.6.14 to 1.6.15, while backporting fixes from 1.5.15 to the older 1.4.15 branch, including a search-related issue.
For anyone running Plesk in production, the combined effect of 18.0.77 and Update 1 is clear. This is a release cycle that balances compliance, usability, security, and platform maintenance. It is not just about adding features. It is also about modernizing the panel, strengthening webmail and WAF components, and cleaning out aging parts of the stack that no longer fit Plesk’s roadmap.
Key highlights at a glance
| Area | Plesk Obsidian 18.0.77 | 18.0.77 Update 1 |
|---|---|---|
| Accessibility | Major UI overhaul across around 200 pages and popular extensions | No major new UI features |
| Web statistics | Added support for GoAccess on Linux | No changes |
| Certificates | New ACME SSL extension; Let’s Encrypt no longer requires email | No new certificate features |
| Code Editor | Tabs restored, separate drawer removed | Fixed directory navigation after save |
| Webmail | Roundcube 1.6.14 and security backports | Roundcube 1.6.15 and more backports |
| WAF | OWASP CRS 4.24.1 | OWASP CRS 4.25.0 |
| Deprecations | APS Catalog removed; warning issued for ngx_pagespeed.so in 18.0.78 | No new deprecations |
Frequently Asked Questions
What is the most important change in Plesk Obsidian 18.0.77?
The biggest change is the large-scale accessibility refresh across the Plesk interface, aimed at bringing the panel closer to European Accessibility Act expectations and WCAG 2.1 guidelines. It also adds GoAccess support and introduces the new ACME SSL extension.
What does 18.0.77 Update 1 actually fix?
Update 1 fixes a Code Editor navigation issue, updates OWASP ModSecurity CRS to 4.25.0, and upgrades Roundcube to 1.6.15 on Linux, alongside additional backported fixes for older branches.
Why does ACME SSL matter for Plesk users?
It expands certificate management beyond the traditional Let’s Encrypt flow by adding broader ACME protocol support, including wildcard certificates, HTTP-01 and DNS-01 challenges, EAB, and compatibility with any ACME-capable certificate authority.
Is APS still supported in Plesk?
No. The APS Catalog has been deprecated and removed from all Plesk Obsidian versions. Existing APS-installed applications will continue to run, but Plesk will no longer support APS applications.
What should administrators watch for in the next release?
Plesk has already announced that support for ngx_pagespeed.so will be deprecated and removed from sw-nginx in 18.0.78.