How to enable redirection from HTTP to HTTPS for a domain in Plesk

Follow

Comments

17 comments

  • Avatar
    Marco Marsala

    What if someone wants to disable HTTP access completely, rather than redirecting?

    In other words, http://www.example.com should be unavailable, while https://www.example.com should.

    0
    Comment actions Permalink
  • Avatar
    Alexandr Tumanov

    @Marco, this is a custom scenario that is not covered by this article. Plesk does not provide such possibility however, the instruction can be found somewhere in google, I guess.

    0
    Comment actions Permalink
  • Avatar
    Ioan (Edited )

    How to enable SSL for both www and non-www domain address.

    If is used with www - https://www.example.com - Chrome indicate that the site is secure: Certificate Valid, Cookies 0 in use.

    If is used without www - https://example.com - Chrome indicate that the site is NOT secure: Certificate Valid, Cookies 6 in use.

    When accessing Plesk panel using https://www.example.com:8443 or https://example.com:8443, both Chrome and IE shows not secure website.

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello @loan,

    Please, make sure that the certificate includes example.com or *.example.com.

    For example, when using Let's Encrypt extension, both example.com and www.example.com will be secured:


    To secure Plesk login page you need to additionally apply the following instruction:
    https://support.plesk.com/hc/en-us/articles/213954265-How-to-secure-Plesk-login-page-URL-with-SSL-certificate

    0
    Comment actions Permalink
  • Avatar
    lenala (Edited )

    Why webmail is not redirected to HTTPS ?
    What should we add in order to redirect from HTTP to HTTPS://webmail.domain.tld ?
    (OFC, webmail is secured, before it come to your mind asking if it is).

    0
    Comment actions Permalink
  • Avatar
    Bob B

    I've noticed that if I enable redirect using the first set of recommended instructions (Enabling HTTPS redirection in domain settings in Plesk), that it locks the subscription from syncing (undesired). 

    Then, if I "unlock and resync", the checkmark for "Permanent SEO-safe 301 redirect from HTTP to HTTPS" is removed, but the redirection appears to silently remain.

    Is this a bug?

    0
    Comment actions Permalink
  • Avatar
    Anzhelika Khapaknysh

    @Bob B,

    I wasn't able to reproduce the described behavior neither on Plesk Onyx 17.8 nor on the latest Plesk Obsidian microupdate.
    If the issue is still reproducible on your server, please submit the request to our Technical Support Team so they can check the issue thoroughly.

    0
    Comment actions Permalink
  • Avatar
    Bob B

    @Anzhelika Khapaknysh,

    In my case, the permission "Hosting settings management" is usually disabled, in the hosting plan.  In this case, it seems enabling "HTTPS redirection" locks the subscription.

    Best Regards,
    Bob

    0
    Comment actions Permalink
  • Avatar
    Yulia Plokhotnikova

    @Bob B

    Hello,

    The situation can be reproduced when the subscription's service plan has "Permanent SEO-safe 301 redirect from HTTP to HTTPS" option disabled in Hosting Parameters. This way a subscription indeed gets into a Locked status which is correct according to the Plesk logic: you customized the subscription adding an option that is missing in the service plan. To prevent subscription from locking, add "Permanent SEO-safe 301 redirect from HTTP to HTTPS" option on a service plan level.

    The fact that the HTTP->HTTPS redirection still remains after you click "unlock and resync" means that the data has been cached in your browser. Clear browser cache or try different browser. Also make sure you manually enter http://yoursitename instead of clicking "Open in web" in Plesk since "Open in web" option opens site over HTTPS.

    0
    Comment actions Permalink
  • Avatar
    Bob B

    @Yulia Plokhotnikova,

    Thanks for your reply.

    In my opinion, that's unfortunate logic.  The option to redirect HTTP to HTTPS should be left to each end user customer, without allowing everything else controlled by "Hosting Parameters" in the service plan.

    Best Regards,
    Bob

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov (Edited )

    Hello Bob B

    Thank you for the feedback.

    Feel free to create a feature suggestion about it at our User-voice portal

    Popular suggestions are likely to be implemented.

    For now, please, follow recommendations from my colleagues.

    0
    Comment actions Permalink
  • Avatar
    Chris

    Hello,

    I have installed WordPress in a subdirectory /wp .

     

    Do I have to copy the code for Apache:

    <IfModule mod_rewrite.c>

    RewriteEngine on

    RewriteCond %{HTTPS} !=on

    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,QSA]

    </IfModule>

     

    Just under http or also under https apache directives?  

     

    As I have a Subdirectory Install /wp do I have to change the Rewrite Rule for Apache or the Nginx Rewrite Code (URL) ? Are the 2 Codes redirecting all Versions http://, http://www, and https://www. to https://domain.com?

     

    Thank You

    0
    Comment actions Permalink
  • Avatar
    Renan Genova Ferreira

    Hello, Chris!

    Should be done under  "Additional directives for HTTP" - and the redirect should work for those.

    Thanks

     

    0
    Comment actions Permalink
  • Avatar
    Pradip Bade (Edited )
    I've been facing this problem when hosted the website. 
    I cannot disable Permanent 'SEO-safe 301 redirect from HTTP to HTTPS'
    I don't have any SSL certificate right now, so i want to disable this, but there's no option for me to disable this feature.
    My service provider says "Please check with your developer to use https in your website to fix this issue".
     
    But it's a testing website, so i dont think i need HTTPS right now.
    Please help me
     
     
    0
    Comment actions Permalink
  • Avatar
    Chris

    Hello Renan, thanks for the information. As i use also Nginx as Reverse Proxy, do i additionally have to copy also this code to the nginx directives:

     

    if ($ssl_protocol = "") {
    rewrite ^/(.*) https://$server_name/$1 permanent;
    }

     

    Or is the additional nginx code just needed, when nginx only webserver is used without apache? 

     

    Thx

    Chris

     

     

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov (Edited )

    Hello Pradip Bade

    Looks like you don't have admin access to Plesk. These permissions are adjusted in the Service Plan. So, for you it's required to contact the service provider, who provides hosting.

    As redirect to HTTPS is already enabled in Plesk you won't be able to disable it via site code.

     

    Chris

    As Nginx is used, Nginx directives are also required.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request