Question HTTP service has been identified without SSL/TLS

[Paul Larson]

Server operating system version

Ubuntu 22.04.4 LTS

Plesk version and microupdate number

Plesk Obsidian Version 18.0.60

The dreaded PCI/Security scan from a client!

So often the findings or remediation requests seem confusing, like this one:

"HTTP service has been identified without SSL/TLS"

Web traffic to domains on my server will always redirect to https/443. But I guess I can't stop a scanner from testing my IP, port 80, while not serving an SSL/TLS certificate. (I thought the whole point of https was to utilize an SSL cert, thus I don't know the point of scanning port 80 in search of SSL/TLS.)

But the technology behind these protocols is always more complex than I assume.

So, is there a way to serve an SSL/TLS on port 80, or...force such traffic immediately to 443?

 

[scsa20]

There isn't much info to go off of such as if you went to http://your.ip.add.ress if it actually takes you anywhere or not so I'm just going to ask: did you configured your IP address to direct you to a default site such as your main site for your business? This can be done under Tools & Settings > IP Addresses and going into the IP address in question and setting a default site with an SSL/TLS certificate.