• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Please beaware of a breaking change in the REST API on the current Plesk release (18.0.62).
    Starting from Plesk Obsidian 18.0.62, requests to REST API containing the Content-Type header with a media-type directive other than “application/json” will result in the HTTP “415 Unsupported Media Type” client error response code. Read more here

Question SSL It! - SSL/TLS for redirects domains?

H

HansMeier52

New Pleskian
Can Obsidian handle SSL/TLS (Let's Encrypt) for redirects domains now?
Should not be so hard to use mod_rewrite and exclude .well-known/acme-challenge for the redirect.
 
One of the most mystical questions that we never solved: Why would anyone want to equip a redirect with SSL?
- There are no data in a redirect that needs protection. There is nothing to encrypt in a redirect. So why encrypt "nothing"?
- Redirects are not listed in search engines, so users won't stumble upon an https:// link to click on there.
Since Let's Encrypt made SSL available for free, people are running crazy for encryption, even where it makes absolutely no sense at all to encrypt something.

For those who still want encryption on "nothing":
- Set the domain to webhosting (not redirect) with the "Hosting Settings" page.
- Create an .htaccess file in the document root directory of the domain with this content:
Code: 
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/.well-known/acme-challenge [NC]
RewriteRule .* - [L]
RewriteRule ^(.*)$ https://<target domain>/$1 [L,R=301]
 
We had a relatively small number of support requests in regards to this. Those that we did have came from quite dissatisfied customers, though. Most thought that their redirect isn't working and some of them believed that it hasn't been working for a long time.

The common issues were:

a) redirect owners or their visitors were manually entering a https address
b) site owners had a site before and later turned it into a redirect

In case of a)... well, it's a honest mistake and in case of visitors, the damage from thinking that the address doesn't exist might be real. It would simply be good practice to have this working these days, especially since certificates are basically free.

In case of b), when we're informed we set them up similarly as Peter described above. But when they do it themselves, they expect Plesk's redirect functionality to work with https out of the box. In general, these sites had encryption enabled and rightfully expect to have it working on the redirect because of the stale links and search engine entries.

It all boils down to the address itself. The encryption of the redirect isn't really needed, but customers rightfully expect the https address to work without issues.

I honestly think that Plesk should add this functionality ASAP and just be done with it.
 
You must log in or register to reply here.

Similar threads

D
Issue Lets Encrypt Not Successful over port 80
Replies
8
Views
750
Daiv
D
P
Question HTTP service has been identified without SSL/TLS
Replies
1
Views
213
scsa20
scsa20
J
Issue Error when renewing SSL certificate
Replies
1
Views
582
Peter Debik
P
Nextgen-Networks
Issue Lets Encrypt - error in certificate renew process
2
Replies
21
Views
3K
Peter Debik
P
M
Issue plesk server certificate does NOT include an ID which matches the server name
Replies
9
Views
2K
learning_curve
learning_curve
Back
Top