Resolved Alias Domain www and SSL redirect

[Julian-b90]

Hey pleskianer i hope you have a greate day.

I have a problem with alias Domains.

My Main Domain main.com
Alias alias.com

http://alias.com redirect to main.com OK
https://alias.com redirect to main.com OK
Alias | Industrial Design & Product Design Software | Autodesk redirect to main.com OK
https://www.alias.com redirect to main.com FAIL

Error with
curl: (60) SSL: no alternative certificate subject name matches target host name 'https://www.alias.com'
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.


In the Alias Hosting Settings 301 is enable.

 

[caitanya]

I have the same problem - is there a solution or workaround to make www.alias.com also secure by Lets Encrypt SSL? It seems that only www.domain.com; domain.com; aliasdomain.com are secured. However I have a lot of customers where we need www.aliasdomain.com also to be secured.

 

[Brujo]

are you useing just letsencrypt or SSL IT Extension? maybe this one would help you https://support.plesk.com/hc/en-us/...he-issued-wildcard-Let-s-Encrypt-Certificate 

 

[MaxMauri]

Hi I have the same problem and can not solve

 

[Bitpalast]

When both spellings of the alias, www- and non-www spelling, point to the same ip address of the main domain, this should not give any problems. You'll still need to check the "www" subdomain checkbox when installing the SSL certificate, but both alias spellings will be included when you want it. If there are errors, this will normally be caused by a missing or different route in DNS.

 

[MaxMauri]

When both spellings of the alias, www- and non-www spelling, point to the same ip address of the main domain, this should not give any problems. You'll still need to check the "www" subdomain checkbox when installing the SSL certificate, but both alias spellings will be included when you want it. If there are errors, this will normally be caused by a missing or different route in DNS.

Does not give me the option to select www not shown

 

[Bitpalast]

When you click the "Install" or "Reissue Certificate" button in your SSLIt page, you should be taken to a page where you can click the "www" checkbox for the certificate. Aliases will automatically use the same setting when aliases are included in the certificate.

However, if I remember correctly, did you not recently have another issue with SSL where SSL did not work correctly unless you downgraded a component? I'd highly recommend to contact support on that, because such a downgrade is not a standard procedure, and there could be a very general issue on your system with SSL that can cause all kinds of follow-up errors.

 

[MaxMauri]

When you click the "Install" or "Reissue Certificate" button in your SSLIt page, you should be taken to a page where you can click the "www" checkbox for the certificate. Aliases will automatically use the same setting when aliases are included in the certificate.

However, if I remember correctly, did you not recently have another issue with SSL where SSL did not work correctly unless you downgraded a component? I'd highly recommend to contact support on that, because such a downgrade is not a standard procedure, and there could be a very general issue on your system with SSL that can cause all kinds of follow-up errors.

Yes in fact in order to generate the certificate I had to downgrade, this could be the problem. Thanks

 

[MaxMauri]

When you click the "Install" or "Reissue Certificate" button in your SSLIt page, you should be taken to a page where you can click the "www" checkbox for the certificate. Aliases will automatically use the same setting when aliases are included in the certificate.

However, if I remember correctly, did you not recently have another issue with SSL where SSL did not work correctly unless you downgraded a component? I'd highly recommend to contact support on that, because such a downgrade is not a standard procedure, and there could be a very general issue on your system with SSL that can cause all kinds of follow-up errors.

On alias does not give me the possibility to choose the www

 

[Kaspar]

On alias does not give me the possibility to choose the www

Thats correct. As @Peter Debik stated "Aliases will automatically use the same setting when aliases are included in the certificate." Meaning that if the WWW option is checked for the primary domain the WWW option is also included for the alias.

 

[MaxMauri]

Thats correct. As @Peter Debik stated "Aliases will automatically use the same setting when aliases are included in the certificate." Meaning that if the WWW option is check for the primary domain the WWW option is also included for the alias.

This happens to me

 

[MaxMauri]

This happens to me

Should I activate this option?

Synchronize DNS zone with the primary domain

This DNS server acts as a master name server for this DNS zone.

 

[Kaspar]

Should I activate this option?

Synchronize DNS zone with the primary domain

This DNS server acts as a master name server for this DNS zone.

Unless you have a good reason to have the Synchronize DNS option disabled, it is best to have it enabled for the alias. As that would synchronize the DNS of the domain alias with the primary domain.

Did you also double check (to be absolutely certain) that the WWW dns records points to the IP address of the correct server? And not perhaps (maybe incidentally) to another IP address?

 

[MaxMauri]

A meno che tu non abbia una buona ragione per disabilitare l'opzione Sincronizza DNS, è meglio averla abilitata per l'alias. Poiché ciò sincronizzerebbe il DNS dell'alias di dominio con il dominio primario.

Hai anche ricontrollato (per essere assolutamente certo) che i record DNS del WWW puntino all'indirizzo IP del server corretto? E non forse (forse incidentalmente) a un altro indirizzo IP?

I didn’t synchronize the DNS because the . comMX tag points to G-Suite. However, they point to the www

 

[MaxMauri]

Any ideas, suggestions for how to resolve the problem?

 

[MaxMauri]

This is the answer when I put the www

The connection is not private
Malicious users may attempt to steal information from www.example.com (e.g., passwords, messages, or credit cards). More information
NET::ERR_CERT_COMMON_NAME_INVALID

 

[Kaspar]

I didn’t synchronize the DNS because the . com MX tag points to G-Suite. However, they point to the www

That makes sense.

If you login to Plesk and go to your domain, then go to "SSL/TLS Certificates" and click the Reissue Certificate button to install a new Certificate, to you get an error when you reissue the certificate? Or no error when installing a new certificate?

 

[MaxMauri]

That makes sense.

If you login to Plesk and go to your domain, then go to "SSL/TLS Certificates" and click the Reissue Certificate button to install a new Certificate, to you get an error when you reissue the certificate? Or no error when installing a new certificate?

Generating a new certificate does not give me any error, everything is successful. However, I solved it by creating a CNAME with the WWW and an A with server IP and using the original NS of the DOMAIN provider.