• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question HTTP service has been identified without SSL/TLS

P

Paul Larson

Basic Pleskian
Server operating system version
Ubuntu 22.04.4 LTS
Plesk version and microupdate number
Plesk Obsidian Version 18.0.60
The dreaded PCI/Security scan from a client!

So often the findings or remediation requests seem confusing, like this one:

"HTTP service has been identified without SSL/TLS"

Web traffic to domains on my server will always redirect to https/443. But I guess I can't stop a scanner from testing my IP, port 80, while not serving an SSL/TLS certificate. (I thought the whole point of https was to utilize an SSL cert, thus I don't know the point of scanning port 80 in search of SSL/TLS.)

But the technology behind these protocols is always more complex than I assume.

So, is there a way to serve an SSL/TLS on port 80, or...force such traffic immediately to 443?
 
There isn't much info to go off of such as if you went to http://your.ip.add.ress if it actually takes you anywhere or not so I'm just going to ask: did you configured your IP address to direct you to a default site such as your main site for your business? This can be done under Tools & Settings > IP Addresses and going into the IP address in question and setting a default site with an SSL/TLS certificate.
 
You must log in or register to reply here.

Similar threads

L
Issue ( authorization token is unavailable ) Could not issue/renew Let`s Encrypt certificates
Replies
7
Views
2K
Leta
L
B
Issue 704710#0: *18394 upstream timed out (110: Connection timed out) while SSL handshaking to upstream
Replies
1
Views
2K
sans
S
Lenny
Resolved Seeking Assistance with API Communication Issues via SSL on Plesk
Replies
4
Views
3K
Lenny
Lenny
I
Question Problems with Email certificate renewal - seems linked to changes in SNI support
Replies
0
Views
3K
iainh
I
H
Issue Problems with SMTP and port 465 SSL/TLS encryption on iOS and iPadOS
Replies
8
Views
7K
learning_curve
learning_curve
Back
Top