• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Using IP default site causes invalid SSL

N

NoLimits

New Pleskian
Hello,

I have Plesk Obsidian on Linux Ubuntu Server with root SSH access and I think there s an issue with using default website for server IPs.

Assuming I have two domains are using two workspaces with 2 different IPs on the same server.

1- DomainOne.ltd which has subdomains and/or multiple A records as well as panel, smtp, mail etc. (except webmail) and this domain is also used for the hostname.domainOne.ltd for the server.

2- Same thing for DomainTwo.ltd but it uses the secound IP and sure is not used for hostname.

3- Both domains and any subdomain under them has own issued SSL or share its main domain SSl

When I use the "Default site " option under Tools and Settings > IP Addresses, there is many scenarios:
A) Use the main domain of each IP : this option make the browser access to any of smtp, mail (the A records of same domain) redirect to the main website of that main domain and appears secured and using a valid SSL issued for that main domain BUT redirecting from subdomains to a website on first level domain is not an option for me.

B) Use any xyz subdomain like xyz.DomainOne.ltd for first IP and xyx.DomainTwo.ltd for secound IP as default website (both uss the main domain wildcard SSL): this option make the browser access to any of smtp, mail (the A records of same domain) redirect to that xyz subdomain and appear secured and using a valid SSL issued for that main domain.

The Problem:

The problem start when there are multiple domains on each IP so that when browse to smtp or mail.DomainThree.ltd for example it will be loaded with an SSL warning tell that it's using an invalid DomainOne SSL or DomainTwo SSL depends on this third domain IPS which I don't want to happen. even with securing that DomainThree.ltd and its mail with its own issued SSL nothing changes.


Same thing will happen anyways in case of a server has only one IP address.

I'm not sure what is the direct question and what is the procedure I can ask for but if any opinions, advices or solutions that help n my concerns/requirements I will be thankful and if this is a bug or an issue or know issue kindly refer to the page.

My Goal: that any domain and all of its subdomains or A records never load a page that uses a different domain SSL even if it's the hostname domain.


Thank you
 
NoLimits said:
~~ The Problem: ~~ Same thing will happen anyways in case of a server has only one IP address. ~~

My Goal: that any domain and all of its subdomains or A records never load a page that uses a different domain SSL even if it's the hostname domain
Click to expand...
Can't provide reference for you, when using more than one IP on the same server with the same Plesk / OS setup as you've stated in your post (but others can and probably will) but to give you some factual perspective relative to your reference to one IP address on a server, that you've included (above ^^)

Using a cloud server, with Ubuntu OS, Plesk Obsidian, full root & ssh access, multiple domains / sub-domains all utilising one IP, we do NOT have the issue that you're describing and never have had. Maybe, it's a just an issue related to the Plesk / OS / Server setup in your case? If your raise a Plesk Support Ticket that's probably your quickest route to finding a solution.
 
learning_curve said:
we do NOT have the issue that you're describing and never have had. Maybe, it's a just an issue related to the Plesk / OS / Server setup in your case? If your raise a Plesk Support Ticket that's probably your quickest route to finding a solution.
Click to expand...

Thanks for the reply, first pay attention that the issue doesn't happen with subdomains .. only A records that doesn't associated with subdomains but still accessible like mail.domain.ltd (because it actually redirect and use the default site and its resources/ssl - no root for this as I know) ... so, Do you mean that you experienced server/servers that sets an SSL for the Securing Plesk Option and or not using IP default website that also secured with its own SSL then when add any new domain to that server and secure it with own SSL you never get invalid SSl label or warning when you visit https://mail.domain.ltd?

Excuse my English and re-clarifying this!
Thanks
 
NoLimits said:
...the issue doesn't happen with subdomains .. only A records that doesn't associated with subdomains but still accessible like mail.domain.ltd (because it actually redirect and use the default site and its resources/ssl - no root for this as I know)
Click to expand...
Yes, we understood. We mentioned sub-domains (generically) to try to give a complete answer in relataion to using just one IP address.

Where we use mail.domain.ltd as well as domain.ltd then all of those domains and sub-domains and mail services work exactly as expected, with no errors releated to either the SSL Certificate or other DNS related issues. That's because both the DNS itself and Plesk are setup to allow this to happen (no re-directs are needed).

From your description so far, it appears that you have a re-direct from mail.domain.ltd to domain.ltd - we don't and are not sure why we would need this. It's not clear (to us, so far) for what purpose you want this re-direct, plus how and where have you setup your DNS / Plesk / SSL Certificates to try and use this specifc re-direct?
NoLimits said:
...so, Do you mean that you experienced server/servers that sets an SSL for the Securing Plesk Option and or not using IP default website that also secured with its own SSL then when add any new domain to that server and secure it with own SSL you never get invalid SSl label or warning when you visit https://mail.domain.ltd?
Click to expand...
No, we don't mean that. In our case, we have one Wildcard Multi-Domain Let's Encrypt Certificate that secures Plesk and Mail, but which covers ALL of the domains and all of their sub-domains, which are all hosted on one IPv4 and one IPV6 address. We also then have; Wildcard Let's Encrypt Certificates for each domain that has the mail service enabled within Plesk and Normal Non-Wildcard Let's Encrypt Certificates for those domains that don't have the mail service enabled within Plesk again. All domains and sub-domains are setup on one IPv4 and one IPV6 address and these are common to the cloud server itself and Plesk and are configured as such. One IPv4 (and one IPV6 address) Plesk and mail, all work just fine this way (for us). It sounds like you are looking for something 'outside' of the setup that we have, something that your current DNS / Plesk setup isn't delivering for you yet, but it's not sounding like a Plesk or OS bug so far. As we posted early in this thread: "Maybe, it's a just an issue related to the Plesk / OS / Server setup in your case? If your raise a Plesk Support Ticket that's probably your quickest route to finding a solution".
 
You must log in or register to reply here.

Similar threads

N
Question SSL on alias
Replies
1
Views
188
Sebahat.hadzhi
Sebahat.hadzhi
f0rtem
Question Unable to use SSL unless I expose my IP?
Replies
2
Views
1K
f0rtem
f0rtem
M
Issue SSL certificate to secure Plesk IP address issue (Not Lets Encrypt)
Replies
5
Views
752
Kaspar@Plesk
Kaspar@Plesk
H
Question Send mail using a site Not hosted on Plesk.
Replies
8
Views
870
Kaspar@Plesk
Kaspar@Plesk
M
Resolved Domain name issue -- certificate for a domain uses server domain. But can't see how or why
Replies
9
Views
2K
MHC_1
M
Back
Top