• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Issue HSTS / cert error

J

Jesse Bruffett

New Pleskian
I am running Plesk 12.5.x (fully updated) on ubuntu 14.04lts, I just added a new site and it is set in Wordpress to be an HTTP site NOT HTTPS but it only loads in HTTPS in chrome, safari, and Firefox. it gives the error that the cert name is incorrect and belongs to another site on the server. I have plenty of sites on the server that also HTTP only and don't exhibit this issue. I have disabled SSL support for the domain even though the cert was set to not specified. Any ideas how to disable HTST or fix this cert issue?
 
Hi Jesse Bruffett,

pls. check your settings at

=> HOME > Subscriptions > YOUR-DOMAIN.COM > Hosting settings


Pls. check for serverwide HSTS configurations with for example:
Code: 
find /etc/apache2 -type f -name "*.conf" -exec grep --color -Hni "Strict-Transport-Security" {} \;
( or ! )
find /etc/httpd -type f -name "*.conf" -exec grep --color -Hni "Strict-Transport-Security" {} \;

find /etc/nginx -type f -name "*.conf" -exec grep --color -Hni "Strict-Transport-Security" {} \;
 
im uploading a screenshot of the hosting settings page, those commands return nothing.
 

Attachments

  • Screen Shot 2017-07-02 at 5.40.29 PM.png
    Screen Shot 2017-07-02 at 5.40.29 PM.png
    224.5 KB · Views: 4
Hi Jesse Bruffett,

the examples are just EXAMPLES, so pls. consider to be a bit creative, if they don't perfectly fit your needs and you need to find configuration files, which should help you to find possible configured redirects:

Additional examples:
Code: 
find /etc/apache2 -type f -name "*.conf" -exec grep --color -Hni "https" {} \;
( or ! )
find /etc/httpd -type f -name "*.conf" -exec grep --color -Hni "https" {} \;

find /etc/nginx -type f -name "*.conf" -exec grep --color -Hni "https" {} \;

Additional examples, to find possible redirects inside domain specific configuration files:
Code: 
find /var/www/vhosts/system/YOUR-DOMAIN.COM/conf -type f -name "*.conf" -exec grep --color -Hni "Strict-Transport-Security" {} \;
Code: 
find /var/www/vhosts/system/YOUR-DOMAIN.COM/conf -type f -name "*.conf" -exec grep --color -Hni "https" {} \;
Code: 
find /var/www/vhosts/system/YOUR-DOMAIN.COM/conf -type f -name "*.conf" -exec grep --color -Hni "https://" {} \;
Code: 
find /var/www/vhosts/system/YOUR-DOMAIN.COM/conf -type f -name "*.conf" -exec grep --color -Hni "rewrite" {} \;
Code: 
find /var/www/vhosts/system/YOUR-DOMAIN.COM/conf -type f -name "*.conf" -exec grep --color -Hni "YOUR-DOMAIN.COM" {} \;
 
I found no references to HTST in any of the config files, the http.conf file for the site confirms the SSLEngine off, any ideas still? why is this just affecting 1 of 20 http only sites? and why when I try and open the site the ssl that is pulling is one for another site on the server? this doesn't make any sense.
 
Hi Jesse Bruffett,

well, if you didn't find the redirect in your configuration files, you have to inspect your content ( plugins ) and depending configuration files ( .htaccess - files, ... ) for possible redirect settings. I'm sorry that we can't help you further here, as we don't have access to your server to investigate the issue with modified "find" - queries. :(
 
I've checked the .htaccess file and there isn't anything there thats not in the others. the with the plugins is that I can't get into the Wordpress interface and start hunting the setting because I can't get into the site. it was setup as a dev site, then I changed the URL and used a plugin to change the links. I verified that all the links were changed via the database and that none of them are https.
 
Hi Jesse Bruffett,

pls. have a CLOSER look at my suggestion:
UFHH01 said:
investigate the issue with modified "find" - queries.
Click to expand...
You are able to change the given examples ( all the above examples look for *.conf - files ;) ) and you are as well able to leave out such an option string, in order to be able to search within ALL files of your desired folder(s). :) Pls. see the manual for the "find" - command, in order to inform yourself about the enormous possible options, when you use the command "find" over your command line.
 
this is why I use plesk so I don't have to dig through linux .conf files. If I wanted to do that id use a classic apache2 environment. because of plesk nothing is in its proper place. I simply need to know how to turn off HTST for a specific domain. I tried generating a self signed cert, I know browsers will warn you about it but you can always push through and that still didn't fix this issue. what could cause one domain to pull a cert from another so that a generated self signed cert isn't being served but another domains cert is?
 
Hi Jesse Bruffett,

you will experience errors like "too many redirects", if you setup an additional redirect now from https to http, as you already have an existent redirect from http to https. :rolleyes:
 
if I do have one, where in this mess of plesks config files is it?! where does this app store those settings on a per domain basis? I did discover Safari on iOS does not redirect, just desktop browsers.
 
Hi Jesse Bruffett,

Jesse Bruffett said:
if I do have one, where in this mess of plesks config files is it?!
Click to expand...
As I already stated, your redirect doesn't necessarily have to be in your webserver configuration files and if you tested the "find" - examples above without any results, you can be pretty sure, that Plesk isn't at all responsible for your current redirect. ;)

Jesse Bruffett said:
where does this app store those settings on a per domain basis?
Click to expand...
Could you pls. explain, which "app" you mean? I'm a bit lost with this question, sorry. :(
 
Its not the site files. I removed all of them. cleared my cache and history, created a basic html page and it still tries to load https with the cert with the invalid name.
 
I've been messing around with it and did a restore, that was the dev site, then moved it all to dakerealestate.com which is what its supposed to be. ill put it all back the way it should be to function give me 10 minutes and ill have it all put back together.
 
I'm confussed! In Apache & nginx Settings for ... under Additional headers I set: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload. A call to HSTS Preload List Submission works and I get this message:

I understand that preloading domain.tld through this form will prevent all subdomains and nested subdomains from being accessed without a valid HTTPS certificate:
*.domain.tld
*.*.domain.tld
...
How can this work correctly? Under Plesk i have for each subdomain an extra cert from Let's Encrypt!
If I "Submit domain.tld to the HSTS preload list", will it possible to reach the subdomains?
 
You must log in or register to reply here.

Similar threads

hansitheking
Resolved Let's Encrypt: Certs not auto-renewed if redirect to HTTPS is enabled for domain
Replies
7
Views
701
mopanim
M
J
Resolved WordPress Network setup on Alias -- how to add alternative domains with Lets Encrypt SSL Certs?
Replies
3
Views
330
joell
J
Joachim_Weisse
Issue Mysterius trouble with one domain and www.
Replies
11
Views
1K
Joachim_Weisse
Joachim_Weisse
T
Resolved Could not obtain directory: cURL error 35: OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to acme-v02.api.letsencrypt.org:443
Replies
7
Views
2K
Peter Debik
P
N
Multisite redirection issue
Replies
8
Views
876
Next level web
N
Back
Top