• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Issue Permanent SEO-safe 301 Redirect from HTTP to HTTPS Effecting Aliases

Daerik Khan

Daerik Khan

New Pleskian
I am using Plesk Onyx Version 17.5.3 Update #24. I have Domain->Hosting Settings->Permanent SEO-safe 301 redirect from HTTP to HTTPS checked.

I'm looking for a way to force HTTPS on the primary domain in the Plesk Panel without forcing HTTPS on the aliases.

Alias http://alias.tld for the primary domain https://domain.tld gets redirected to https://alias.tld and a SSL warning about insecure connection appears, instead of redirecting to https://domain.tld which does not get a warning.

If I make an exception for the warning on the alias, it then properly redirects to the primary domain.

What's happening:
  1. http://alias.tld redirects to https://alias.tld
  2. https://alias.tld redirects to https://domain.tld
What I'm expecting:
  1. http://alias.tld redirects to http://domain.tld
  2. http://domain.tld redirects to https://domain.tld
I can even accept:
  1. http://alias.tld redirects to https://domain.tld
Here are some workarounds that I've found:
  • I can uncheck this box and add .htaccess rules on the primary domain to first redirect the domain and then force the HTTPS. (This would not work since we have non-developers enabling SSL via Plesk and they cannot configure a .htaccess file)
  • I can redirect the domain at the registrar. (This would not work as clients change their password frequently and we don't always have access to their domain registrar)
  • I can create the alias as a `Domain` instead of a `Domain Alias` and use it's own Web service to redirect to the primary domain. (This would not work as the service plan in Plesk does not allow the subscription to have multiple domains, only multiple domain aliases)
Please note that we are using a single domain SSL provided for free from the hosting company and we are not able to obtain a multi-domain SSL for this purpose.
 
Daerik Khan said:
I am using Plesk Onyx Version 17.5.3 Update #24. I have Domain->Hosting Settings->Permanent SEO-safe 301 redirect from HTTP to HTTPS checked.

I'm looking for a way to force HTTPS on the primary domain in the Plesk Panel without forcing HTTPS on the aliases.

Alias http://alias.tld for the primary domain https://domain.tld gets redirected to https://alias.tld and a SSL warning about insecure connection appears, instead of redirecting to https://domain.tld which does not get a warning.

If I make an exception for the warning on the alias, it then properly redirects to the primary domain.

What's happening:
  1. http://alias.tld redirects to https://alias.tld
  2. https://alias.tld redirects to https://domain.tld
What I'm expecting:
  1. http://alias.tld redirects to http://domain.tld
  2. http://domain.tld redirects to https://domain.tld
I can even accept:
  1. http://alias.tld redirects to https://domain.tld
Here are some workarounds that I've found:
  • I can uncheck this box and add .htaccess rules on the primary domain to first redirect the domain and then force the HTTPS. (This would not work since we have non-developers enabling SSL via Plesk and they cannot configure a .htaccess file)
  • I can redirect the domain at the registrar. (This would not work as clients change their password frequently and we don't always have access to their domain registrar)
  • I can create the alias as a `Domain` instead of a `Domain Alias` and use it's own Web service to redirect to the primary domain. (This would not work as the service plan in Plesk does not allow the subscription to have multiple domains, only multiple domain aliases)
Please note that we are using a single domain SSL provided for free from the hosting company and we are not able to obtain a multi-domain SSL for this purpose.
Click to expand...

Hello Daerik, Plesk extension Let's Encrypt provide the ability to generate a SSL certificate for your domain as well as for all domain alias. This way your domain alias will not show any warning before redirecting your visitors to the main domain.
 
virtubox said:
Hello Daerik, Plesk extension Let's Encrypt provide the ability to generate a SSL certificate for your domain as well as for all domain alias. This way your domain alias will not show any warning before redirecting your visitors to the main domain.
Click to expand...
Thank you for the reply, virtubox. Unfortunately Let's Encrypt does not issue organization or extended validation certificates which is unacceptable for some clients. If there was a way to bind an SSL certificate generated by Let's Encrypt directly to the aliased domain while keeping the original SSL certificate on the primary domain, this would be an acceptable solution to my problem.

Why does Permanent SEO-safe 301 redirect from HTTP to HTTPS effect domain aliases in the first place? Surely this causes a problem for most people using domain aliases considering that multi-domain SSL certificates aren't all that common and expensive.
 
Daerik Khan said:
Thank you for the reply, virtubox. Unfortunately Let's Encrypt does not issue organization or extended validation certificates which is unacceptable for some clients. If there was a way to bind an SSL certificate generated by Let's Encrypt directly to the aliased domain while keeping the original SSL certificate on the primary domain, this would be an acceptable solution to my problem.

Why does Permanent SEO-safe 301 redirect from HTTP to HTTPS effect domain aliases in the first place? Surely this causes a problem for most people using domain aliases considering that multi-domain SSL certificates aren't all that common and expensive.
Click to expand...

That mean it's time to explain them the difference between encryption and company validation. But you can generate all certificates for your alias with letsencrypt, and then use a paid certificate on your main domain, because I do not see how your clients will be able to see the DV certificate during a 301 redirection to your main domain.
 
virtubox said:
That mean it's time to explain them the difference between encryption and company validation. But you can generate all certificates for your alias with letsencrypt, and then use a paid certificate on your main domain, because I do not see how your clients will be able to see the DV certificate during a 301 redirection to your main domain.
Click to expand...
We could use Let's Encrypt on the aliases, however I don't see anywhere to bind certificate to a domain alias in Plesk. Only for the primary domain. Please advise.
 
Daerik Khan said:
We could use Let's Encrypt on the aliases, however I don't see anywhere to bind certificate to a domain alias in Plesk. Only for the primary domain. Please advise.
Click to expand...

You have to launch let's encrypt from the primary domain, then just change the certificate used for it in Hosting Settings
 
virtubox said:
You have to launch let's encrypt from the primary domain, then just change the certificate used for it in Hosting Settings
Click to expand...
Let's Encrypt expires after 90 days and I see that it is possible to automatically renew it. Is this possible without having to change the primary domain's certificate back to the paid one every 90 days? We manage over 300 domains and it would be too costly to have to do this every 3 months. I really do like this workaround and I find it a better solution than the other 3 I've tried. I wish I could find some form of resolution to the actual issue. Surely Plesk did not intend to force HTTPS on a alias as a feature?
 
Daerik Khan said:
Let's Encrypt expires after 90 days and I see that it is possible to automatically renew it. Is this possible without having to change the primary domain's certificate back to the paid one every 90 days? We manage over 300 domains and it would be too costly to have to do this every 3 months. I really do like this workaround and I find it a better solution than the other 3 I've tried. I wish I could find some form of resolution to the actual issue. Surely Plesk did not intend to force HTTPS on a alias as a feature?
Click to expand...

You can probably automate the process with a cronjob and plesk cli. But excepted in your case with clients who prefer to pay for certificates, it's a cool feature to generate automatically SSL certificates for domains + alias.
 
You must log in or register to reply here.

Similar threads

I
Resolved Redirect non-www to www subdomain
Replies
1
Views
2K
imartin83
I
T
Resolved Can't disable redirect from http to https
Replies
6
Views
4K
talulipa
T
L
Issue Unable to issue SSL Cert: acme-challenge token is not available
Replies
0
Views
1K
laurenzmader
L
K
Forwarded to devs Custom 403 error document never shown for document root
Replies
8
Views
2K
Kaspar
K
M
Issue Web Statistics SSL/TLS File not found.
Replies
4
Views
3K
Manfred Beck
M
Back
Top