Question SSL by Let's Encrypt and Httpdocs or httpsdocs choice

[D4NY]

Hello everyone from Italy,
we are going to follow Google directives about SSL and we want to set up the correct configuration to all our hosted websites.
1. Add Let's Encrypt extension for Plesk 12.5 (DONE, WORKING)
2. Choose a test domain and ask for a SSL certificate (DONE, WORKING)

So our problem is not about obtaining certificate but how to setup the hosting folders...some questions:
A. what's the "include www.domainname.tld as alternative domain" option?
B. all websites files now are in /httpdocs folder. So we have to move them in /httpsdocs?
C. there are two different versions of the website? One in httpdocs and the other in httpsdocs?
D. is there a setting in Plesk to select which one to open? What is a 301 redirect?
E. what about search engines?

Thank you for you help

 

[IgorG]

A. www prefix of domain will be protected by Let'sEncrypt certificate too if you use this option.
B. Not necessary. /httpdocs directory is working for http and https requests.
C. No.
D and E. It is permanent SEO-safe 301 redirect from HTTP to HTTPS. If you select this option, all visitors of your web site will be automatically redirected from HTTP to HTTPS version of the site using the 301 HTTP status code (permanent redirect). This type of redirect is SEO-safe as the search engines will index only the HTTPS version of the site, and the ranking power will not be lost (as opposed to the status code 302 - temporary redirect). You can find more information at https://moz.com/learn/seo/redirection. This option is available only if SSL/TLS support is enabled. When you use this option, please make sure that you have a valid SSL/TLS certificate, because browsers cache a site with 301 redirect permanently, and if a self-signed certificate is used, the site visitors will see warning messages each time they visit the site.

 

[GerdSchrewe]

Thank you very much for your comprehensible explanation, Igor.

But 2 questions still left for me:
I installed the letsencrypt certificate on a domain. It works and the browser shows "safe" if i open the https site by manually entering https://domainname)
But i want the website to open with https by default.

1. If i activate the "permanent SEO-safe 301 redirect from HTTP to HTTPS" -you mentioned above- will Plesk create and copy automatically a .htaccess file into the webspace
and if yes, what happens if there is already a .htaccess file for example from a wordpress installation?

2. Do i have to change the option "root directory" (in the Plesk hosting settings on the same site for the domain) from htttp to https additional?

Thanx a lot!

 

[D4NY]

Same question here. In other words... how can we set the https as default? I mean that typing www.mydomain.com the browser automatically open https://www.mydomain.com while at the moment it seems to open Always http://www.mydomain.com.
You said that is not necessary to move files in /httpsdoc folder but then... why are there two different folders?

 

[IgorG]

1. If i activate the "permanent SEO-safe 301 redirect from HTTP to HTTPS" -you mentioned above- will Plesk create and copy automatically a .htaccess file into the webspace
and if yes, what happens if there is already a .htaccess file for example from a wordpress installation?

Plesk doesn't create .htaccess files. In Apache & nginx settings of subscription you can define "Additional Apache directives" or "Additional nginx directives". Also in Extension Catalog you can find "htaccess to nginx" extension which convert Apache .htaccess rewrite rules to nginx rewrite rules automatically.

2. Do i have to change the option "root directory" (in the Plesk hosting settings on the same site for the domain) from htttp to https additional?

For what?

 

[GerdSchrewe]

Hi Igor,

Thank you for your support, but i still have questions.
I use Plesk 12.5 Update #59 on Ubuntu 14.04 V-Server without nginx.

I installed the letsencrypt extensions via Plesk and added ca 20 domains to the Letsencrypt list.
On some webs the file Manager shows still 2 folders (httpdocs and httpsdocs). I deleted the httpsdocs folder coz you said there is no need for it (maybe they come from migrated old web versions)
Up to this point everything is o.k.

I could enter a http or https://domainname manually in the browser and both versions open correct.

But i wanted to open only the https://domainname version automatically, no matter what i enter.
So i created and copied a .htaccess file to the root directory of the site.
Its a standard HTML web without database.
"RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]"
and restarted the apache.

If i now enter http://domainname in the browser the https//:domainname site is openend automatically.
Thats exactly what i wanted, but it was a little bit tricky for a rookie like me (what to do with an Wordpress or Typo3 site with already existing .htaccess, edit it?)

Then i read D4NYs post and your answer here and got the impressum that it is possible to get to the same point by using only Plesk settings (see attached screenshot) or adding "Additional Apache directives".

If this is possible it would make things much easier for me.

So please can you confirm that creating a .htaccess ist not the right way and its possible to reach the same result only with:
1. Plesk settings
2. and/or additional Apache settings?

Thank you very much for your patience!

 

[IgorG]

(maybe they come from migrated old web versions)

Yes, it was separated on old Plesk versions.

So please can you confirm that creating a .htaccess ist not the right way

I would not say so. You can use .htaccess as you want. But with Plesk "Additional Apache directives" you can do the same in GUI.

 

[D4NY]

Following the Gerd's questions and the Igor's answers i got some important informations. First of all i've understood that the /httpsdocs folder is not important. We have a lot of websites with /httpsdocs but they are all old websites so they are coming from older plesk version while now we have Plesk 12.5 that doesn't generate such directory while creating a new website. Second i got that there is no "automatic switch" http/https in the GUI but we can add a code in the Additional Apache Directives without manually creating a .htaccess file in the root. Very well... i've tried the code reported above on a normal html website and it seems to work, the website is opened with https://www.. in all cases, also entering http://www.. so i think i will use this for all my domains.

Just one thing is strange to me. I see that on all browsers the url become something like https://www.mydomain.com// while i expected simply https://www.mydomain.com like all other websites.
Why are added two "//" ?? Can we avoid this?

 

[GerdSchrewe]

Hi D4NY,
can you please publish the exact code you have added as additional apache directive so i can reproduce it and report if i get these two // (https://www.mydomain.com//) too?
Thanx a lot!

 

[D4NY]

I've just copied your code:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

I can also report a strange thing. Trying Let's Encrypt + Additional Apache Directives on recently created Plesk subscriptions it seems to work. But if i try the same settings on an old domain created for sure with older Plesk version (and then migrated to 12.5 as it is now) trying to open www.mydomain.com it correctly goes to https://www.mydomain.com but it open the apache default page (if /httpsdoc exist and is empty) or an url error (if /httpsdocs doesn't exist). No way to open the files in /httpdocs folder as https://

Hope you understand what i mean...

 

[GerdSchrewe]

Strange!
A few moments ago the Plek forum site itself showed an SSL certificate error.
I had no access and tried with different browsers (see screenshot).
A few minutes later it works again.

I have the problem you described with only ONE migrated website using the method via .htaccess file.
Other sites (on Plesk 12.5 created new websites) work with https, some of the old migrated sites work too, but via .ht.access file.
Thats the reason i searched for an alternative method via Plesk itself or apache directives.
I have not tried and tested the apache directive method for all sites.

I will restart the servers tonight and try again.

Maybe someone helps with full detailed description which method to use....
Szenario:
Plesk 12.5 on Ubuntu without nginx.
Letsenrypt successful installed via Plesk Extensions for (from older Plesk version migrated domains) and new domains.
Aim is to open the https site automatically either with .htaccess oder Apache directive for new (on Plesk12.5) and migrated sites from Plesk 11 and 12.

 

[D4NY]

Hi Gerd, i don't have news by my side... i was waiting from IgorG or other Plesk members for a solution to what reported above.
If you discover something new please report here, thank you

 

[GerdSchrewe]

Hi d4NY,
Sorry no news, but yesterday in installed a lot of updates for ubuntu.
I got an error message:
AH00112: Warning: DocumentRoot [/var/www/vhosts/***.de/httpsdocs] does not exist

***=for the domain i tried to switch to https by .htaccess file without success, only the http version works (Letsencrypt is installed).

Even when i open https by typing in https://... manually i get "File not found -Apache Server at ***.de Port 443"
In File Manger this domain has only a httpdocs folder, no https folder, but Igor said that this is not neccessary.

Other domains work -strangly enough- fine with the exact the same .htaccess file and open automatically the https version.

Had no time to try it with the apache directives.
I googled a lot for solutions, restarted Apache and the server, deleted all Browser caches but I am at my wit's end.
I suspect it deals with a difference between migrated domains from older plesk versions and newer domains installed in Plesk 12.5.
I found an advise in Ubuntu forum to change "/etc/apache2/sites-enabled.
Such links point to /etc/apache2/sites-available" for the error message
"AH00112: Warning: DocumentRoot [/var/www/vhosts/***.de/httpsdocs] does not exist"
but im afraid to destroy my configuration.

I tried also "plesk repair all -n and verbose" but no errors shown.

It would be a nice feature in Plesk to make it possible (and much easier) to switch the root directory from domains with sslcertifkate from http to https from inside Plesk without "coding or script knowlegde", apache directives or .htaccess files.
SSL certificates become more and more important and the forum shows a lot of threads from users which have problems to configure this.

 

[D4NY]

Thank you for your feedback Gerd. You did a great job there, i've the same problem. Now it's almost sure that is an issue to solve: old migrated domains work differently from new created domains in Plesk 12! It seems that in older domains the two folders /httpdocs and /httpsdocs are totally separated and there's no way to have SSL working in https:// using /httpdocs folder. Let's see what Plesk experts said about that...

EDIT: one more thing i've just discovered looking around for a solution. Take a look to this thread: https://talk.plesk.com/threads/installation-ssl-with-lets-encrypt-troubles.341667/. As you can see in the first image there's a "Permanent Seo-Safe 301 Redirection from http to https" option. But the user is talking about Plesk Onyx and not 12.5... it should be the solutions?

 

[D4NY]

I didn't find a solution yet. Nobody has replied about possible differences between domains created with old Plesk versions and domains created with Plesk 12. But there are differences as written above. Just to know if Onyx is the only possibility to solve this problem or there's something else to try. Thank you

 

[IgorG]

I can only recommend creating a request to support team to do the in-depth investigation to find the reason and to fix it. Please create a ticket to support at https://cscontact.plesk.com/form/32/?Product=Plesk

 

[D4NY]

....

It was identified that your Plesk license was purchased not directly from Plesk but through one of the Plesk Resellers. In this case you need to ask for support from your license provider first. Plesk Partners (Resellers) are fully trained by Plesk and deliver best-in-the-industry support for Plesk products running on their infrastructure. Alternatively you can use our free support resources such as Knowledgebase, Documentation, Forum and @PleskHelp twitter or purchase monthly support subscription for your license key at our Plesk Online Store

 

[IgorG]

Try to use this way - #15