• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Redirect all undefined subdomains to main domain not working

Azurel

Azurel

Silver Pleskian
I want redirect all undefined subdomains to www.example.com. So I have add in my apache settings for "example.com" in "Additional directives for HTTPS"
ServerAlias *.example.com
<Directory /var/www/vhosts/example.com/httpdocs>
AllowOverride None
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www.example.com [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
</Directory>
Click to expand...

But instead of redirect abc.example.com to www.example.com my browser shows me URL abc.example.com with error NET::ERR_CERT_AUTHORITY_INVALID
In DNS I have wildcard "*" entry for server ips. I'm missing here a point or is it necessary to create a wildcard domain?

CentOS Linux 7.7.1908 (Core) / Plesk Obsidian 18.0.26
 
Last edited:
  1. Create example.com in Plesk
  2. Set preferred to www.example.com for example.com
  3. Create "*" (wildcard) subdomain *.example.com, which points to httpsdocs of example.com
  4. If you got subdomains defined like smtp.example.com, they will work like normal. If non-existant subdomains are chosen e.g. 123-321.example.com, they will go to example.com, which rewrites to www.example.com
  5. Voilá
See also:

docs.plesk.com

Adding Wildcard Subdomains (Linux)

Use wildcard subdomains to redirect visitors from non-existent subdomains to one of your websites, commonly, to your ...
docs.plesk.com docs.plesk.com
 
Thanks, but exactly that was my question. ;)
It is or is it not necessary to create a wildcard domain. Its look like overhead to create a subdomain only for a simple redirect to main domain.

But I tested it with extra *.example.com subdomain. Still I get the same result in browser

NET::ERR_CERT_AUTHORITY_INVALID
Subject: Parallels Panel
Issuer: Parallels Panel
Expires on: 07.11.2017
Current date: 21.04.2020

So I continue to assume that there is a mistake somewhere else.
Especially why:
Issuer: Parallels Panel
Expires on: 07.11.2017
Click to expand...
 
Azurel said:
Thanks, but exactly that was my question. ;)
It is or is it not necessary to create a wildcard domain. Its look like overhead to create a subdomain only for a simple redirect to main domain.

But I tested it with extra *.example.com subdomain. Still I get the same result in browser

NET::ERR_CERT_AUTHORITY_INVALID
Subject: Parallels Panel
Issuer: Parallels Panel
Expires on: 07.11.2017
Current date: 21.04.2020

So I continue to assume that there is a mistake somewhere else.
Especially why:
Click to expand...

I assumed you do have a current wildcard ssl certificate?

When connecting, the SSL certificate is first:
  1. Connect to e.g. 123.example.com, which is subdomain covered by *.example.com
  2. Client connects to 123. example.com Server internally redirects to certificate of example.com
  3. SSL handshake incl certificate (aka needs a valid wildcard certificate for *.example.com). If certificate is not valid, then self-signed is used.
  4. Now connected to 123.example.com on httpdocs of example.com

Bottom line: you need to read above article and make sure you got a valid widlcard certificate for example.com, which is also set for *.example.com :) (but should be automatically anyways).
 
Thanks for your patience and yes I have added SSL to wildcard domain. In main domain click on "SSL/TLS Certificates" and "Reissue Certificate"-button and select "Secure the wildcard domain". It shows:
Wildcard SSL/TLS certificate
*.example.com is "Secured"
Click to expand...
Command dig -t txt _acme-challenge.example.com +short shows me the correct TXT value for _acme-challenge.

But in browser a random subdomain shows me this
NET::ERR_CERT_AUTHORITY_INVALID
Subject: Parallels Panel
Issuer: Parallels Panel
Expires on: 07.11.2017
Current date: 21.04.2020
Click to expand...
For *example.com I can only "upload" a additional certifcate.

So I don't get it. ^^°
 
Azurel said:
Thanks for your patience and yes I have added SSL to wildcard domain. In main domain click on "SSL/TLS Certificates" and "Reissue Certificate"-button and select "Secure the wildcard domain". It shows:

Command dig -t txt _acme-challenge.example.com +short shows me the correct TXT value for _acme-challenge.

But in browser a random subdomain shows me this

For *example.com I can only "upload" a additional certifcate.

So I don't get it. ^^°
Click to expand...

  1. The ACME challenge is only to issue the certificate.
  2. Did you check the certificate on Example Domain ? Reviewing the certificate should show "*.example.com" and "example.com".
  3. Like in the article: create the subdomain "*.example.com" but pointing to the homedir of "example.com". You should have the same certificate in "*.example.com" like in "example.com". If not it must be selectable. Or else you made a mistake along the road...
If you are sure you did everything right and the problem persists, by then you should post the URL.
 
Certificate in Chrome said
CN = example.com

DNS-Name=*.example.com
DNS-Name=example.com
Click to expand...

www.ssllabs.com/ssltest/analyze.html said for "test.example.com" = "Certificate name mismatch"

In subscription "*.example.com" is a LetsEncrypt certificate, the same in "example.com":
Domain name = example.com

But for wildcard should be (so I think)
Domain name = *.example.com
Because create a new one, its recommend as *.example.com
 
Azurel said:
Certificate in Chrome said


www.ssllabs.com/ssltest/analyze.html said for "test.example.com" = "Certificate name mismatch"

In subscription "*.example.com" is a LetsEncrypt certificate, the same in "example.com":
Domain name = example.com

But for wildcard should be (so I think)
Domain name = *.example.com
Because create a new one, its recommend as *.example.com
Click to expand...
Its getting weird. Seems we found a bug.

Just yesterday I secured a domain with a wildcard domain and had it all work. Now the nginx "randomizer" kicks in, in default config. So when connecting to a non-existant domain, the nginx server doesnt catch the wildcard, but instead a random other domain. Usually the server itself.

Back to testing. You have nginx edge too?
 
I do not know what "edge" means, but I use nginx too. Enabled in Apache & nginx Settings as:
- Proxy mode
- Smart static files processing
 
Ok so I dont see any nginx directive, where a server listens
Azurel said:
I do not know what "edge" means, but I use nginx too. Enabled in Apache & nginx Settings as:
- Proxy mode
- Smart static files processing
Click to expand...

Ok we got a similar config.

@IgorG we got a problem here. Seems we found a bug - can you take a look?

  1. Configured *.example.com subdomain according documentation.
  2. Yesterday I know for sure the wildcard worked for frontend, but plesk backend listed errors under SSL/TLS/Lets Encrypt icon. (fixed later or similar)
  3. Today the error under the SSL/TLS icon is gone, but the wildcard doesnt work for frontend anymore.
Weird findings:
  • I refreshed all configs fro web servers
  • I cant see any nginx server listen directive under vhosts, which grabs "*.example.com" - nada, nothing
  • I added a directive under nginx, leading to a forward to Apache.
  • Apache apparently doesnt grab the domain "*.example.com" either. So I need to rewrite Apache listen directive too.
Bottom line: the last update broke above behaviour (according documentation) for wildcard subdomains.

In my case: CentOS 7.5, Obsidian 18.0.26, web host edition
 
You must log in or register to reply here.

Similar threads

I
Resolved Redirect non-www to www subdomain
Replies
1
Views
3K
imartin83
I
M
Question Redirect root domain and all wildcard subdomains to specific subdomain
Replies
4
Views
2K
Bitpalast
Bitpalast
O
Issue .htaccess Expires Headers not working at all
Replies
3
Views
3K
MartinT
M
TimReeves
Resolved Webmail - PHP not working, file downloaded not executed
Replies
2
Views
2K
aslotta
aslotta
J
Resolved ServerAlias directive not working correctly after apache update?
Replies
1
Views
2K
johnrdorazio
J
Back
Top