Applicable to:
- Plesk for Linux
- Plesk for Windows
Question
How to make a website hosted in Plesk permanently use a secure connection over HTTPS?
Answer
Before enabling permanent HTTPS redirection for a domain, make sure that the website is accessible over HTTPS:
-
The setting SSL/TLS support is enabled in Hosting Settings of a domain.
-
In Plesk, go to Domains > example.com > Hosting Settings.
-
Enable the setting Permanent SEO-safe 301 redirect from HTTP to HTTPS and select your certificate from the drop-down menu. Apply the changes.
Note: If the setting Permanent SEO-safe 301 redirect from HTTP to HTTPS is grayed out, please contact your service provider for assistance with permanent HTTPS redirection.
-
In Plesk, go to Domains > example.com > Apache & nginx Settings.
-
Copy the following directives to the Additional directives for HTTP field:
Note: If you are a domain owner and Apache & nginx Settings is not available for you, please contact your service provider for assistance with permanent HTTPS redirection.
CONFIG_TEXT: <IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,QSA]
</IfModule> -
Copy the following directives to the Additional nginx directives field, if nginx is used:
CONFIG_TEXT: if ($ssl_protocol = "") {
rewrite ^/(.*) https://$server_name/$1 permanent;
}
Note: This solution is applicable only if website is processed by Apache.
-
In Plesk, go to Domains > example.com > File Manager.
-
Open the .htaccess file, if available, or create a new one: click > Create File > type .htaccess in the File Name field > click OK. Once created, click on the file and paste the following content:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R,QSA]
</IfModule> -
Click OK.
-
In Plesk, go to Domains > example.com > File Manager, open the web.config file and put the following content right before </system.webServer>:
Note: If the <rewrite>/<rules> sections already present in the web.config file, put the content below without tags <rewrite><rules>... </rules></rewrite> inside existing <rules> section.
CONFIG_TEXT: <rewrite>
<rules>
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Permanent" url="https://{HTTP_HOST}/{R:1}" />
</rule>
</rules>
</rewrite>Click on the picture to enlarge
-
Connect to a Plesk server via RDP.
-
Start Internet Information Service (IIS) Manager at Windows Start > All Programs > (Windows) Administrative Tools.
-
In IIS Manager, expand SERVERNAME > Sites > click on a required site name > double-click URL Rewrite.
Note: If the URL Rewrite button is missing, install the component "IIS URL Rewrite Module" using this KB article.
-
Click Add rule(s)... on the right pane > under the Inbound rules select Blank rule and click OK:
-
Configure the new rule:
-
Set the rule name in the field Name.
- Match URL section
- Requested URL: Matches the Pattern
- Using: Regular Expressions
-
Pattern: (.*)
-
Conditions section
Expand the Conditions section > click Add... and fill in the fields:- Condition input: {SERVER_PORT_SECURE}
-
Check if input string: Matches the Pattern
-
Pattern: ^0$
- Action section:
- Action type: Redirect
- Redirect URL: https://{HTTP_HOST}{REQUEST_URI}
-
Redirect type: Permanent (301)
-
Click Apply on the right pane to save the rule.
-
Comments
6 comments
What if someone wants to disable HTTP access completely, rather than redirecting?
In other words, http://www.example.com should be unavailable, while https://www.example.com should.
@Marco, this is a custom scenario that is not covered by this article. Plesk does not provide such possibility however, the instruction can be found somewhere in google, I guess.
How to enable SSL for both www and non-www domain address.
If is used with www - https://www.example.com - Chrome indicate that the site is secure: Certificate Valid, Cookies 0 in use.
If is used without www - https://example.com - Chrome indicate that the site is NOT secure: Certificate Valid, Cookies 6 in use.
When accessing Plesk panel using https://www.example.com:8443 or https://example.com:8443, both Chrome and IE shows not secure website.
Hello @loan,
Please, make sure that the certificate includes example.com or *.example.com.
For example, when using Let's Encrypt extension, both example.com and www.example.com will be secured:
To secure Plesk login page you need to additionally apply the following instruction:
https://support.plesk.com/hc/en-us/articles/213954265-How-to-secure-Plesk-login-page-URL-with-SSL-certificate
Why webmail is not redirected to HTTPS ?
What should we add in order to redirect from HTTP to HTTPS://webmail.domain.tld ?
(OFC, webmail is secured, before it come to your mind asking if it is).
Hello lenala,
To enable redirection to https for webmail proceed with the resolution from this article for Linux:
https://support.plesk.com/hc/en-us/articles/213951265-How-to-redirect-webmail-from-HTTP-to-HTTPS-on-a-Plesk-for-Linux-server
And these two if you are using Windows server:
https://support.plesk.com/hc/en-us/articles/115003935334-How-to-create-a-permanent-redirect-for-MailEnable-WebMail-from-HTTP-to-HTTPS-
https://support.plesk.com/hc/en-us/articles/115001586434-How-to-force-Horde-webmail-to-use-SSL-only
Please sign in to leave a comment.