• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Alias redirects and HTTPS

freaky@

Regular Pleskian
Hi,

unfortunately I yet again have to wonder if the people behind plesk actually understand the business they're in.

It's pretty common to have a website on say, domain.com, with aliases like say alias1.com and alias2.com and then have a certificate for only domain.com (you know, it's cheaper...).

So you happily go along, add the aliases, set them to redirect to domain.com with the permanent SEO (but unfortunately not SSL) safe 301 redirect and you configure the main domain (the hosting space) to do redirect to HTTPS.

What happens now is when you go to alias2.com it doesn't redirect you to Domain Name Registration and Web Hosting | Domain.com, it doesn't redirect you to Domain Name Registration and Web Hosting | Domain.com, no... it redirects you to https://alias2.com resulting in a certificate error. If the visitor is kind/ignorant (choose preferred option) enough to proceed anyway they'll be redirected to Domain Name Registration and Web Hosting | Domain.com.

Awesome...

There's only one thing I would like to ask Parallels and it's quite simply this: Please get the basics of plesk (managing webhosting) rock solid before you even think about wordpress managers, git installers and docker stuff. Most of us need none of that. We do need webspace that works, backups that work (ran into many problems with 17.0, still aren't fully resolved) and sane configurations (atleast on 17.0 plesk happily sets the pear PHP path of the plesk provided PHP in the config, but it then doesn't add it to the openbase_dir restrictions which oddly enough results in errors).

When reporting such bugs through e-mail they get bounced, reported them through reseller and was requested to open a feature request (for a bug fix?!) and gather votes for it. I don't want to gather votes for you to fix bugs... I just want them fixed.

I'm done ranting now. Thank you. Have a nice weekend.
 
Hi.

As a temporary solution: if you use Let's Encrypt, you may issue the certificate for both domain and aliases, and the visitor will not be shocked with security warning.
 
Hi,

Thanks for the re' :).

When using free certificates of LE it's not an issue and aliasses can be added to as SAN to the certificate for free quite easily indeed.

Some customers prefer OV/EV's however, which LE can't provide and they cost quite a bit more if you want additional domain names in them.

I resolve it now by removing all aliases and creating a new subscription (forwarding) with one of the aliasses (and the rest of them as aliasses on that). We have several smaller VPS'es for customers on which this is becoming troublesome however as forwarding costs a domain license. On the unlimited licenses this isn't an issue, but when customers have a 10 or 30 domains license and they're on or near max it's an issue.

It's a bit weird to tell a customer they need to upgrade their plesk license because they want to install a certificate. Besides it's not really fun to copy all the DNS records and mail configuration that might exist.

As you state temporary, can I presume this will be resolved in a future (hopefully near) release?

Kind regards,
 
Hi.

Yes, it is a known issue, and it will be fixed someday.
Unfortunately, I cannot provide any ETA.

Thanks for the feedback :)
 
You may have code under Apache and Nginx settings page for the primary domain which is causing redirection from http to https. The redirection from http to https for the primary domain should be specific to the primary domain. Otherwise it will also redirect the domain aliases
 
Back
Top