
Forwarded to devs webmail page display after suspending customer / subscription

TomBoB

Silver Pleskian
Username: TomBoB

TITLE

webmail page display after suspending customer / subscription

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

Plesk Obsidian Version 18.0.31 Update #2, CentOS 7.9.2009

PROBLEM DESCRIPTION

Disable Customer or Subscription (HTTPS used, HSTS enabled). The webmail subdomain shows an error message "Did Not Connect: Potential Security Issue" because the server's security cert is used instead of the domain's one.

STEPS TO REPRODUCE

Disable Customer or Subscription. Go to webmail.xyzdomain.tld

ACTUAL RESULT

The webmail subdomain shows an error message "Did Not Connect: Potential Security Issue" because the server's security cert is used instead of the domain's one.

EXPECTED RESULT

Either show the maintenance.html error page as it is done for the main domain's page, or display something else like the server's default error / maintenance page.
But NOT a security certificate related page.

ANY ADDITIONAL INFORMATION



YOUR EXPECTATIONS FROM PLESK SERVICE TEAM


Confirm bug
 
If a domain has HSTS activated and a browser has connected to it once, the browser will not allow any further connects if the domain cannot be reached through https and a valid certificate. That is the correct behavior. It is technically not possible to deliver another page to the browser, because the browser won't accept any other pages. That is what HSTS is for, to avoid man-in-the-middle attacks. The message is displayed by the browser, not the server, hence what you are asking for is that the domain is suspended, but the webmail subdomain must not be suspended but instead be filled with a different content telling the user that it is suspended. To me this sounds more like a feature request than a bug fix, because it is actually not a bug that the browser won't connect to a domain that cannot deliver the proper credentials when HSTS was previously used.

But let us hear what Plesk says about it.
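
The browser behaviour described in the post above, as an added example that is not part of the original thread and not Plesk code: a simplified model of HSTS caching (RFC 6797) and certificate name matching. The class and function names, the SAN lists and `host1.provider.example` are constructed for illustration.

```python
# Added example (not Plesk code): the browser-side decision, as a simplified model.
# Constructed sample values: the domain's certificate vs. the server's default one.
DOMAIN_CERT = ["xyzdomain.tld", "webmail.xyzdomain.tld"]
SERVER_CERT = ["host1.provider.example"]

def parse_hsts(header):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1)."""
    max_age, include_sub = None, False
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            max_age = int(value.strip().strip('"'))
        elif name.strip().lower() == "includesubdomains":
            include_sub = True
    return None if max_age is None else (max_age, include_sub)

class HstsStore:
    """Minimal known-HSTS-host cache, keyed by the host that sent the header."""
    def __init__(self):
        self.hosts = {}

    def note(self, host, header, now):
        policy = parse_hsts(header)
        if policy is None:
            return
        if policy[0] == 0:                      # max-age=0 removes the entry
            self.hosts.pop(host.lower(), None)
        else:
            self.hosts[host.lower()] = (now + policy[0], policy[1])

    def applies(self, host, now):
        labels = host.lower().split(".")
        for i in range(len(labels)):            # the host itself, then each parent
            entry = self.hosts.get(".".join(labels[i:]))
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False

def cert_matches(host, san_dns_names):
    """Exact match, or a '*.' wildcard standing for exactly one leftmost label."""
    parent = host.lower().partition(".")[2]
    return any(s.lower() == host.lower() or (s.startswith("*.") and s[2:].lower() == parent and parent)
               for s in san_dns_names)

def browser_outcome(host, san_dns_names, store, now):
    """'ok', 'bypassable-warning', or 'hard-fail' (no click-through under HSTS)."""
    if cert_matches(host, san_dns_names):
        return "ok"
    return "hard-fail" if store.applies(host, now) else "bypassable-warning"
```

With a cached HSTS entry for `webmail.xyzdomain.tld`, `browser_outcome("webmail.xyzdomain.tld", SERVER_CERT, store, now)` returns `"hard-fail"`; with an empty store the same mismatch is only a `"bypassable-warning"`.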
 
Hi Peter,

thanks for your thoughtful input! I understand the way you argue.
My line of thinking:
- The main domain has HTTPS enforced and HSTS enabled. You visit the domain's main page. It is displayed. Upon suspending the subscription (or client)
>> a certain other page (the maintenance error page as it is in the errordocs folder of the domain) is displayed.
- The main domain has HTTPS enforced and HSTS enabled. You visit the webmail subdomain. It is displayed. Upon suspending the subscription (or client)
>> I would expect: a certain other page (the maintenance error page as it is in the errordocs folder of the domain) is displayed. [Same as for the main domain]
>> Instead, a page is served by Plesk that comes from the server (which causes the cert mismatch), instead of a page of the domain (for example the maintenance error page again), which would avoid the cert mismatch.

As the webmail subdomain is technically just that, a sub domain in my understanding, it should act that way.

But as I said above, I understand your way of describing it. It depends on how Plesk has internally implemented what is displayed when you visit the webmail subdomains: as the domain's actual subdomain, or more as a "redirect" of each domain to a page that the server serves up.
It seems the way you describe it - the "redirect" - is the actual way.

Agreed, let's hear from Plesk :)
 
Let me try to describe it from another angle as well.

The browser just displays what is being served to it by Plesk.
A subscription is suspended. When you visit the domain's main page, Plesk serves to the browser the maintenance.html file as it is in the errordocs folder of that domain. [Perfect. No cert issues. HSTS or not]
When a subscription is suspended, and you visit the webmail subdomain page, Plesk should [in my opinion] also serve the maintenance.html file as it is in the errordocs folder of that domain. [Perfect, no cert issues, HSTS or not]. But instead, Plesk serves to the browser a page generated by the server itself, causing the cert issue.
Looking at it from that angle, it isn't an HSTS issue at all; HSTS just makes the issue visible.

Another way to try and bring my point across ;)
 
After the conversation with Program Managers, the bug is confirmed - PPPM-12580. We should improve this behaviour.
Thanks.
 