• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

Question SSL It! - SSL/TLS for redirects domains?

H

HansMeier52

New Pleskian
Can Obsidian handle SSL/TLS (Let's Encrypt) for redirects domains now?
Should not be so hard to use mod_rewrite and exclude .well-known/acme-challenge for the redirect.
 
One of the most mystical questions that we never solved: Why would anyone want to equip a redirect with SSL?
- There are no data in a redirect that needs protection. There is nothing to encrypt in a redirect. So why encrypt "nothing"?
- Redirects are not listed in search engines, so users won't stumble upon an https:// link to click on there.
Since Let's Encrypt made SSL available for free, people are running crazy for encryption, even where it makes absolutely no sense at all to encrypt something.

For those who still want encryption on "nothing":
- Set the domain to webhosting (not redirect) with the "Hosting Settings" page.
- Create an .htaccess file in the document root directory of the domain with this content:
Code: 
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/.well-known/acme-challenge [NC]
RewriteRule .* - [L]
RewriteRule ^(.*)$ https://<target domain>/$1 [L,R=301]
 
We had a relatively small number of support requests in regards to this. Those that we did have came from quite dissatisfied customers, though. Most thought that their redirect isn't working and some of them believed that it hasn't been working for a long time.

The common issues were:

a) redirect owners or their visitors were manually entering a https address
b) site owners had a site before and later turned it into a redirect

In case of a)... well, it's a honest mistake and in case of visitors, the damage from thinking that the address doesn't exist might be real. It would simply be good practice to have this working these days, especially since certificates are basically free.

In case of b), when we're informed we set them up similarly as Peter described above. But when they do it themselves, they expect Plesk's redirect functionality to work with https out of the box. In general, these sites had encryption enabled and rightfully expect to have it working on the redirect because of the stale links and search engine entries.

It all boils down to the address itself. The encryption of the redirect isn't really needed, but customers rightfully expect the https address to work without issues.

I honestly think that Plesk should add this functionality ASAP and just be done with it.
 
You must log in or register to reply here.

Similar threads

B
Issue Unable to issue a Let's Encrypt certificate for domain with forwarding hosting type: nginx is not installed or is disabled on the Plesk server
Replies
1
Views
565
Sebahat.hadzhi
Sebahat.hadzhi
A
Issue Can't reissue LE certificate
Replies
1
Views
397
Martin Dias
Martin Dias
R
Issue Problems Issuing a Let's Encrypt Certificate
Replies
6
Views
1K
Robin McDermott
R
H
Resolved Problem with install Let's Encrypt SSL/TLS certificate
Replies
6
Views
2K
HungLuu
H
M
Resolved Lets Encrypt not issuing certs for subdomains
Replies
2
Views
1K
mendip_discovery
M
Back
Top