• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question SSL It! - SSL/TLS for redirects domains?

H

HansMeier52

New Pleskian
Can Obsidian handle SSL/TLS (Let's Encrypt) for redirects domains now?
Should not be so hard to use mod_rewrite and exclude .well-known/acme-challenge for the redirect.
 
One of the most mystical questions that we never solved: Why would anyone want to equip a redirect with SSL?
- There are no data in a redirect that needs protection. There is nothing to encrypt in a redirect. So why encrypt "nothing"?
- Redirects are not listed in search engines, so users won't stumble upon an https:// link to click on there.
Since Let's Encrypt made SSL available for free, people are running crazy for encryption, even where it makes absolutely no sense at all to encrypt something.

For those who still want encryption on "nothing":
- Set the domain to webhosting (not redirect) with the "Hosting Settings" page.
- Create an .htaccess file in the document root directory of the domain with this content:
Code: 
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/.well-known/acme-challenge [NC]
RewriteRule .* - [L]
RewriteRule ^(.*)$ https://<target domain>/$1 [L,R=301]
 
We had a relatively small number of support requests in regards to this. Those that we did have came from quite dissatisfied customers, though. Most thought that their redirect isn't working and some of them believed that it hasn't been working for a long time.

The common issues were:

a) redirect owners or their visitors were manually entering a https address
b) site owners had a site before and later turned it into a redirect

In case of a)... well, it's a honest mistake and in case of visitors, the damage from thinking that the address doesn't exist might be real. It would simply be good practice to have this working these days, especially since certificates are basically free.

In case of b), when we're informed we set them up similarly as Peter described above. But when they do it themselves, they expect Plesk's redirect functionality to work with https out of the box. In general, these sites had encryption enabled and rightfully expect to have it working on the redirect because of the stale links and search engine entries.

It all boils down to the address itself. The encryption of the redirect isn't really needed, but customers rightfully expect the https address to work without issues.

I honestly think that Plesk should add this functionality ASAP and just be done with it.
 
You must log in or register to reply here.

Similar threads

M
Resolved Lets Encrypt not issuing certs for subdomains
Replies
2
Views
283
mendip_discovery
M
D
Issue Lets Encrypt Not Successful over port 80
Replies
8
Views
2K
Daiv
D
P
Question HTTP service has been identified without SSL/TLS
Replies
1
Views
468
scsa20
scsa20
D
Question Renewing Let's encrypt automatically
Replies
3
Views
509
Kaspar
K
L
Issue ( authorization token is unavailable ) Could not issue/renew Let`s Encrypt certificates
Replies
7
Views
372
Leta
L
Back
Top