How to enable redirection from HTTP to HTTPS for a domain in Plesk

Comments

12 comments

  • Marco Marsala

    What if someone wants to disable HTTP access completely, rather than redirecting?

    In other words, http://www.example.com should be unavailable, while https://www.example.com should.

  • Alexandr Tumanov

    @Marco, this is a custom scenario that is not covered by this article. Plesk does not provide such a possibility; however, the instructions can be found somewhere on Google, I guess.

  • Ioan (Edited)

    How to enable SSL for both the www and non-www domain addresses?

    If it is used with www - https://www.example.com - Chrome indicates that the site is secure: Certificate Valid, Cookies 0 in use.

    If it is used without www - https://example.com - Chrome indicates that the site is NOT secure: Certificate Valid, Cookies 6 in use.

    When accessing the Plesk panel using https://www.example.com:8443 or https://example.com:8443, both Chrome and IE show the website as not secure.

  • Ivan Postnikov

    Hello @Ioan,

    Please make sure that the certificate includes example.com or *.example.com.

    For example, when using the Let's Encrypt extension, both example.com and www.example.com will be secured:

    To secure the Plesk login page, you need to additionally apply the following instruction:
    https://support.plesk.com/hc/en-us/articles/213954265-How-to-secure-Plesk-login-page-URL-with-SSL-certificate

  • lenala (Edited)

    Why is webmail not redirected to HTTPS?
    What should we add in order to redirect from HTTP to HTTPS://webmail.domain.tld?
    (OFC, webmail is secured, before it comes to your mind to ask if it is).

  • Bob B

    I've noticed that if I enable redirect using the first set of recommended instructions (Enabling HTTPS redirection in domain settings in Plesk), it locks the subscription from syncing (undesired).

    Then, if I "unlock and resync", the checkmark for "Permanent SEO-safe 301 redirect from HTTP to HTTPS" is removed, but the redirection appears to silently remain.

    Is this a bug?

  • Anzhelika Khapaknysh

    @Bob B,

    I wasn't able to reproduce the described behavior either on Plesk Onyx 17.8 or on the latest Plesk Obsidian microupdate.
    If the issue is still reproducible on your server, please submit the request to our Technical Support Team so they can check the issue thoroughly.

  • Bob B

    @Anzhelika Khapaknysh,

    In my case, the permission "Hosting settings management" is usually disabled, in the hosting plan.  In this case, it seems enabling "HTTPS redirection" locks the subscription.

    Best Regards,
    Bob

  • Yulia Plokhotnikova

    @Bob B

    Hello,

    The situation can be reproduced when the subscription's service plan has the "Permanent SEO-safe 301 redirect from HTTP to HTTPS" option disabled in Hosting Parameters. This way a subscription indeed gets into a Locked status, which is correct according to the Plesk logic: you customized the subscription by adding an option that is missing in the service plan. To prevent the subscription from locking, add the "Permanent SEO-safe 301 redirect from HTTP to HTTPS" option on the service plan level.

    The fact that the HTTP->HTTPS redirection still remains after you click "unlock and resync" means that the data has been cached in your browser. Clear the browser cache or try a different browser. Also make sure you manually enter http://yoursitename instead of clicking "Open in web" in Plesk, since the "Open in web" option opens the site over HTTPS.

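The check suggested in the reply above (requesting http://yoursitename directly instead of through a browser), as an added example that is not part of the original thread or Plesk's own tooling: a shell function that classifies the raw response headers, so a browser-cached 301 cannot mask what the server actually returns. The function name, the result labels and the sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example: judge the server's answer to a plain-HTTP request from its
# raw headers, with no browser cache involved.
# Live usage (yoursitename is the placeholder from the reply above):
#   curl -sI http://yoursitename/ | classify_redirect yoursitename

classify_redirect() {
    host=$1
    # Read the headers from stdin, strip CRs, then extract the status code
    # and the Location header (header names are case-insensitive).
    headers=$(tr -d '\r')
    status=$(printf '%s\n' "$headers" | awk 'NR==1 {print $2}')
    location=$(printf '%s\n' "$headers" |
        awk 'tolower($1)=="location:" {print $2; exit}')

    case $status in
        301|308)     kind=permanent ;;   # cached by browsers
        302|303|307) kind=temporary ;;
        *)           echo "no-redirect"; return 0 ;;
    esac

    case $location in
        "https://$host"|"https://$host/"*) echo "$kind-https" ;;
        https://*)                         echo "$kind-https-other-host" ;;
        *)                                 echo "$kind-not-https" ;;
    esac
}

# Constructed sample responses (not captured from a real server).
sample_redirect() {
    printf 'HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nLocation: https://yoursitename/\r\n\r\n'
}
sample_plain() {
    printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n\r\n'
}

# Demo on the constructed samples.
sample_redirect | classify_redirect yoursitename
sample_plain | classify_redirect yoursitename
```

A result of `no-redirect` from the server while the browser still jumps to HTTPS points at the browser's cached 301 rather than at the server configuration.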
  • Bob B

    @Yulia Plokhotnikova,

    Thanks for your reply.

    In my opinion, that's unfortunate logic.  The option to redirect HTTP to HTTPS should be left to each end user customer, without allowing everything else controlled by "Hosting Parameters" in the service plan.

    Best Regards,
    Bob

  • Ivan Postnikov (Edited)

    Hello Bob B

    Thank you for the feedback.

    Feel free to create a feature suggestion about it at our User-voice portal.

    Popular suggestions are likely to be implemented.

    For now, please, follow recommendations from my colleagues.
