Facebook
Twitter
gws
New Pleskian
Hey Pleskians!
I have had this bug-ish issue for a year now, so I wanted to check if there is an easy solution as this message has been bugging my OSD for long enough now:
SSL/TLS Certificates\n Security can be improved.
The Problem:
So here is a rundown. I got a Subscription running with NGINX that has a Let's Encrypt Certificate. Everything works fine, BUT when it comes to Assignment, Renewal or Reissue of the certificate Lets Encrypt shows an error that it can't access .well-known/chme-challenge/plainTextAuthCode.
After some digging, I realised that it is due to Safe-SEO 301 redirect from HTTP to HTTPS, the first toggle in the SSL/TLS Certificate section of the subscription or the Permanent SEO-safe 301 redirect from HTTP to HTTPS in the Hosting Settings for * in the Subscription.
The Solution:
Exclude .well-known directory from Safe-SEO 301 redirect from HTTP to HTTPS.
The New Problem:
How do I do that?
Now I know that there are probably rules I can apply in NGINX to remedy that, but I'm not sure which it would be and whether it would be conflicting with existing rules made by Plesk.
Temp Solution:
Don't redirect from HTTP to HTTPS
I have had this bug-ish issue for a year now, so I wanted to check if there is an easy solution as this message has been bugging my OSD for long enough now:
The Problem:
So here is a rundown. I got a Subscription running with NGINX that has a Let's Encrypt Certificate. Everything works fine, BUT when it comes to Assignment, Renewal or Reissue of the certificate Lets Encrypt shows an error that it can't access .well-known/chme-challenge/plainTextAuthCode.
After some digging, I realised that it is due to Safe-SEO 301 redirect from HTTP to HTTPS, the first toggle in the SSL/TLS Certificate section of the subscription or the Permanent SEO-safe 301 redirect from HTTP to HTTPS in the Hosting Settings for * in the Subscription.
The Solution:
Exclude .well-known directory from Safe-SEO 301 redirect from HTTP to HTTPS.
The New Problem:
How do I do that?
Now I know that there are probably rules I can apply in NGINX to remedy that, but I'm not sure which it would be and whether it would be conflicting with existing rules made by Plesk.
Temp Solution:
Don't redirect from HTTP to HTTPS
