• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Issue individual domain can't use HTTPS for webmail if webmail.forceHttp=true

E

enduser

Basic Pleskian
Server operating system version
Windows 2022
Plesk version and microupdate number
18.0.48
Hi,

Since Plesk for Windows auto redirect webmail HTTP to HTTPS by default even no SSL is installed, so we use webmail.forceHttp=true to disable such redirect.

However, if one domain customer install and set SSL for their webmail, the webmail is still HTTP. It seems that it won't update IIS when webmail.forceHttp=true .

We don't want auto redirect HTTP to HTTPS because webmail with HTTPS always shows invalid SSL error until customer install valid SSL. However using webmail.forceHttp=true that prevent any customer who want to use valid SSL for their webmail.

Can Plesk add a feature to allow individual domain to use SSL for its webmail even webmail.forceHttp=true? Or simply remove such redirect by default?

How to duplicate:
1. Fresh install Plesk for Windows
2. add webmail.forceHttp=true in panel.ini
3. create a subscription
4. in the subscription, install SSL & apply it to "SSL/TLS certificate for webmail"
5. IIS > MailEnable WebMail > Bindings > it is still http but not https
 
From the Plesk release notes:

Important - Plesk Obsidian Releases

Hello, I'm glad to announce the next version of Plesk Obsidian 18.0.32! Release Notes: Change Log for Plesk Obsidian To know what's new in Plesk Obsidian release see What's New in Plesk Obsidian Plesk Obsidian Update Notes Important Facts About and How to Update to Plesk Obsidian Highlights...
talk.plesk.com talk.plesk.com

[mail]
webmail.forceHttp = true

On Plesk for Windows, to disable automatic HTTP > HTTPS webmail redirection for existing domains, run the plesk repair web -webmail command.
Click to expand...

Does this help?
 
Kaspar,

Thank you for your info. I did read that before, but I think you misunderstood my problem.

Currently I can get all HTTP redirect disabled successfully (because no valid SSL is installed by default), so all customers access their webmail via http://webmail.customer-abc.com

However some customers install a valid SSL for their webmail, they would expect they can use https://webmail.customer-xyz.com , but there is no way to set it via Plesk.
 
Isn't that a bit of unusual use case? With let's encrypt webmail can be secured for any domain.

enduser said:
However some customers install a valid SSL for their webmail, they would expect they can use https://webmail.customer-xyz.com , but there is no way to set it via Plesk.
Click to expand...
I am not sure if I understand correctly. So isn't webmail accessible via https at all for domains who do have a valid SSL cert set for their webmail? Or is webmail accessible via https on those domains, but do like to forward http > https specifically for those domains?
 
Kaspar,

Kaspar said:
Isn't that a bit of unusual use case? With let's encrypt webmail can be secured for any domain.
Click to expand...
Because not every customers install let's encrypt SSL on their webmail. (maybe somehow they cannot get the validation done before DNS pointing)

Kaspar said:
I am not sure if I understand correctly. So isn't webmail accessible via https at all for domains who do have a valid SSL cert set for their webmail? Or is webmail accessible via https on those domains, but do like to forward http > https specifically for those domains?
Click to expand...
For example there are 3 domains in Plesk with setting webmail.forceHttp = true in panel.ini:

domain1.com, no SSL installed for webmail - webmail is accessible via http, but isn't accessible via https, this is expected because of forceHttp
domain2.com, no SSL installed for webmail - webmail is accessible via http, but isn't accessible via https, this is expected because of forceHttp
domain3.com, no SSL installed for webmail - webmail is accessible via http, but isn't accessible via https, this is expected because of forceHttp

Then customer domain3.com install a SSL for webmail, it will become result as below:

domain3.com, webmail is accessible via http, but isn't accessible via https, this is NOT expected because customer expects to access webmail via https://webmail.domain3.com after they install a SSL certificate
 
Plesk should abandon this stupid "webmail.forceHttp=true" switch and un-bundle the automatic http --> https redirect for webmail, from the webhosting settings.
Then either create a separate "Permanent SEO-safe 301 redirect from HTTP to HTTPS" checkbox for the webmail or just simply make the https redirect for webmail dependent on presence of the "SSL/TLS certificate for webmail" settings. (I vote for second option, because nobody in their right mind would want to set an SSL certificate for webmail and then not use it...)
 
Yes, I totally agree with ChristophRo.

Just like Plesk for Linux, webmail is HTTP by default, but webmail in Plesk for Windows is HTTPS by default (even no valid SSL). It is really weird.
 
@IgorG Could you check about this? Do you think it is a bug for webmail.forceHttp? Or Plesk should not use or should change the way to handle webmail HTTPS by default?

If it is treated as a bug, then I will fire a report, thank you.
 
Yes, it looks like a problem worth showing the developers. Therefore, please fill out the report.
 
You must log in or register to reply here.

Similar threads

E
Forwarded to devs individual domain can't use HTTPS for webmail if webmail.forceHttp=true
Replies
1
Views
545
IgorG
IgorG
D
Issue can only create webmail certificates
Replies
1
Views
370
deepnpisgah
D
T
Resolved connection webmail to mailserver fails
Replies
8
Views
1K
Strangelove
Strangelove
D
Issue certificate of VPS host still used after SSL configuration for newly added domain
Replies
4
Views
620
deepnpisgah
D
L
Question Web site has SSL without using HTTPS??
Replies
0
Views
266
luxorexp
L
Back
Top