Question HTTP service has been identified without SSL/TLS

P

Paul Larson

Basic Pleskian
Server operating system version
Ubuntu 22.04.4 LTS
Plesk version and microupdate number
Plesk Obsidian Version 18.0.60
The dreaded PCI/Security scan from a client!

So often the findings or remediation requests seem confusing, like this one:

"HTTP service has been identified without SSL/TLS"

Web traffic to domains on my server will always redirect to https/443. But I guess I can't stop a scanner from testing my IP, port 80, while not serving an SSL/TLS certificate. (I thought the whole point of https was to utilize an SSL cert, thus I don't know the point of scanning port 80 in search of SSL/TLS.)

But the technology behind these protocols is always more complex than I assume.

So, is there a way to serve an SSL/TLS on port 80, or...force such traffic immediately to 443?
 
There isn't much info to go off of such as if you went to http://your.ip.add.ress if it actually takes you anywhere or not so I'm just going to ask: did you configured your IP address to direct you to a default site such as your main site for your business? This can be done under Tools & Settings > IP Addresses and going into the IP address in question and setting a default site with an SSL/TLS certificate.
 
You must log in or register to reply here.

Similar threads

M
Issue Plesk showing Cloudflare Origin CA cert, but server still serving Google Trust cert
Replies
3
Views
2K
mauricekindermann
M
L
Issue ( authorization token is unavailable ) Could not issue/renew Let`s Encrypt certificates
Replies
7
Views
4K
Leta
L
D
Question LiteSpeed reverse proxy to docker with SSL
Replies
5
Views
4K
Felipe Almeman
F
Lenny
Resolved Seeking Assistance with API Communication Issues via SSL on Plesk
Replies
4
Views
4K
Lenny
Lenny
I
Question Problems with Email certificate renewal - seems linked to changes in SNI support
Replies
0
Views
4K
iainh
I
Back
Top