
Issue Domain forwarding leads to bad-ssl-cert-domain error

itval

Hi,
following scenario:

domain1.de on server1
domain1.eu on server1
domain2 on server2

domain1.de and domain1.eu are now separate domains on server1 with Plesk Obsidian 18.0.25. At the beginning domain1.eu was an alias domain from domain1.de. This has been changed by deleting domain1.eu in Plesk.
Domain1.eu was newly created with Let's Encrypt = ON and put on forwarding (301) to domain2. The status is active.

When typing in Firefox 68.6 ESR or IE 11

domain1.eu
www.domain1.eu

forwarding to domain2 works fine.

When typing (or using stored links with) or browser adds https://



I (and all our customers) get an SSL_ERROR_BAD_CERT_DOMAIN and could make an exception. When looking at the certificate I see that it is for domain1.de instead of domain1.eu.

Why does Plesk use the wrong domain1.de with Let's Encrypt when setting up a new domain? Has the alias setting before something to do with it?

thx,
Lino
 
2nd question:

I deleted domain1.de on Plesk and created it new, this time with LetsEncrypt = ON. When typing

https://domain1.de

I reach the Plesk login page from server1.

When typing

https://www.domain1.de

I get the SSL_ERROR_BAD_CERT_DOMAIN again, even though the domain name in the certificate is the same domain1.de
 
In your "Hosting Settings" make sure you are not using a "preferred domain", e.g. set this to "none".

If you have a domain that is forwarded to another domain on the same server, I recommend not forwarding it with a 301 redirect, but making it an alias of the target, because with an alias you can add the domain to the target's SSL certificate. This will avoid the SSL_ERROR_BAD_CERT_DOMAIN. A redirect can only have a certificate by doing some magic, so normally a redirect that is opened with an https link will lead to a cert error. When you use the alias solution this won't happen.

A domain that is removed and re-created will need the server restart interval to route to the correct destination. It is therefore possible that it is routing to the login page for a short period of time during which the reconfiguration has not yet finished.
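
The name check behind SSL_ERROR_BAD_CERT_DOMAIN, as an added example that is not part of either post and is not Plesk or browser code: it compares requested hostnames against a certificate's subjectAltName list for the three situations discussed in this thread. The SAN lists are constructed assumptions (the thread does not show the certificates' SAN contents), and the matcher is a simplified RFC 6125-style comparison.

```python
# Added example: hostname-vs-certificate matching, the check a browser
# fails with SSL_ERROR_BAD_CERT_DOMAIN. SAN lists below are constructed.

def san_matches(hostname: str, san: str) -> bool:
    """Simplified RFC 6125-style match: case-insensitive, and a wildcard
    is honoured only as the whole leftmost label, covering one label."""
    host = hostname.lower().rstrip(".").split(".")
    pattern = san.lower().rstrip(".").split(".")
    if len(host) != len(pattern):
        # "domain1.de" never covers "www.domain1.de" and vice versa
        return False
    if pattern[0] == "*":
        return host[1:] == pattern[1:]
    return host == pattern


def uncovered(hostnames, cert_sans):
    """Return the hostnames a browser would reject for this certificate."""
    return [h for h in hostnames
            if not any(san_matches(h, s) for s in cert_sans)]


# Hostnames taken from the thread
REDIRECT_SITE = ["domain1.eu", "www.domain1.eu"]
MAIN_SITE = ["domain1.de", "www.domain1.de"]


def scenarios():
    """Evaluate the three situations from the thread (SANs are assumed)."""
    return {
        # https://domain1.eu answered with the certificate for domain1.de
        "redirect_with_other_cert": uncovered(REDIRECT_SITE, ["domain1.de"]),
        # Certificate assumed to list only the bare name, request uses www
        "bare_name_only": uncovered(MAIN_SITE, ["domain1.de"]),
        # Alias approach: alias names added to the target's certificate
        "alias_on_target_cert": uncovered(
            MAIN_SITE + REDIRECT_SITE,
            ["domain1.de", "www.domain1.de", "domain1.eu", "www.domain1.eu"],
        ),
    }


if __name__ == "__main__":
    for name, rejected in scenarios().items():
        print(f"{name}: rejected={rejected or 'none'}")
```

Any hostname that users reach over https, including one that only issues a redirect, has to appear in the SAN list of the certificate served for it, because the browser validates the certificate before it ever sees the 301 response.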
 