Issue individual domain can't use HTTPS for webmail if webmail.forceHttp=true

[enduser]

Server operating system version

Windows 2022

Plesk version and microupdate number

18.0.48

Hi,

Since Plesk for Windows auto redirect webmail HTTP to HTTPS by default even no SSL is installed, so we use webmail.forceHttp=true to disable such redirect.

However, if one domain customer install and set SSL for their webmail, the webmail is still HTTP. It seems that it won't update IIS when webmail.forceHttp=true .

We don't want auto redirect HTTP to HTTPS because webmail with HTTPS always shows invalid SSL error until customer install valid SSL. However using webmail.forceHttp=true that prevent any customer who want to use valid SSL for their webmail.

Can Plesk add a feature to allow individual domain to use SSL for its webmail even webmail.forceHttp=true? Or simply remove such redirect by default?

How to duplicate:
1. Fresh install Plesk for Windows
2. add webmail.forceHttp=true in panel.ini
3. create a subscription
4. in the subscription, install SSL & apply it to "SSL/TLS certificate for webmail"
5. IIS > MailEnable WebMail > Bindings > it is still http but not https

 

[Kaspar]

From the Plesk release notes:

Important - Plesk Obsidian Releases

Hello, I'm glad to announce the next version of Plesk Obsidian 18.0.32! Release Notes: Change Log for Plesk Obsidian To know what's new in Plesk Obsidian release see What's New in Plesk Obsidian Plesk Obsidian Update Notes Important Facts About and How to Update to Plesk Obsidian Highlights...

talk.plesk.com

[mail]
webmail.forceHttp = true

On Plesk for Windows, to disable automatic HTTP > HTTPS webmail redirection for existing domains, run the plesk repair web -webmail command.

Does this help?

 

[enduser]

Kaspar,

Thank you for your info. I did read that before, but I think you misunderstood my problem.

Currently I can get all HTTP redirect disabled successfully (because no valid SSL is installed by default), so all customers access their webmail via http://webmail.customer-abc.com

However some customers install a valid SSL for their webmail, they would expect they can use https://webmail.customer-xyz.com , but there is no way to set it via Plesk.

 

[Kaspar]

Isn't that a bit of unusual use case? With let's encrypt webmail can be secured for any domain.

However some customers install a valid SSL for their webmail, they would expect they can use https://webmail.customer-xyz.com , but there is no way to set it via Plesk.

I am not sure if I understand correctly. So isn't webmail accessible via https at all for domains who do have a valid SSL cert set for their webmail? Or is webmail accessible via https on those domains, but do like to forward http > https specifically for those domains?

 

[enduser]

Kaspar,

Isn't that a bit of unusual use case? With let's encrypt webmail can be secured for any domain.

Because not every customers install let's encrypt SSL on their webmail. (maybe somehow they cannot get the validation done before DNS pointing)

I am not sure if I understand correctly. So isn't webmail accessible via https at all for domains who do have a valid SSL cert set for their webmail? Or is webmail accessible via https on those domains, but do like to forward http > https specifically for those domains?

For example there are 3 domains in Plesk with setting webmail.forceHttp = true in panel.ini:

domain1.com, no SSL installed for webmail - webmail is accessible via http, but isn't accessible via https, this is expected because of forceHttp
domain2.com, no SSL installed for webmail - webmail is accessible via http, but isn't accessible via https, this is expected because of forceHttp
domain3.com, no SSL installed for webmail - webmail is accessible via http, but isn't accessible via https, this is expected because of forceHttp

Then customer domain3.com install a SSL for webmail, it will become result as below:

domain3.com, webmail is accessible via http, but isn't accessible via https, this is NOT expected because customer expects to access webmail via https://webmail.domain3.com after they install a SSL certificate

 

[ChristophRo]

Plesk should abandon this stupid "webmail.forceHttp=true" switch and un-bundle the automatic http --> https redirect for webmail, from the webhosting settings.
Then either create a separate "Permanent SEO-safe 301 redirect from HTTP to HTTPS" checkbox for the webmail or just simply make the https redirect for webmail dependent on presence of the "SSL/TLS certificate for webmail" settings. (I vote for second option, because nobody in their right mind would want to set an SSL certificate for webmail and then not use it...)

 

[enduser]

Yes, I totally agree with ChristophRo.

Just like Plesk for Linux, webmail is HTTP by default, but webmail in Plesk for Windows is HTTPS by default (even no valid SSL). It is really weird.

 

[enduser]

@IgorG Could you check about this? Do you think it is a bug for webmail.forceHttp? Or Plesk should not use or should change the way to handle webmail HTTPS by default?

If it is treated as a bug, then I will fire a report, thank you.

 

[IgorG]

Yes, it looks like a problem worth showing the developers. Therefore, please fill out the report.

 

[enduser]

Reported, thanks all

individual domain can't use HTTPS for webmail if webmail.forceHttp=true

Username: TITLE individual domain can't use HTTPS for webmail if webmail.forceHttp=true PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE Plesk Obsidian 18.0.48 CentOS 7 PROBLEM DESCRIPTION Since Plesk for Windows auto redirect webmail HTTP to HTTPS by default even no SSL is...

talk.plesk.com