Plesk: Domain Redirection and Let’s Encrypt

When you host a domain on Plesk that needs mail, but whose hosting is only a redirection, Let’s Encrypt is not available.

Plesk gives you three hosting options: none, redirection, and website.

With none and redirection, you cannot create a Let’s Encrypt certificate, so the mail cannot be read securely. It will work on the ports without certificates, but not on the secure ones.

If you want mail but no website, the alternative is to buy a wildcard TLS certificate, since you will also have to protect the webmail subdomain.

What to do, then, if I want to have secure mail, and a Let’s Encrypt certificate? You’ll need to create a website, and then redirect it to another domain.

In this example, we will create the domain example.com with a website and mail, for now all without a certificate. Once that is done, we will follow these steps.

In the Apache and nginx Configuration options, we will add the following to the additional nginx Directives:

location ^~ /.well-known/acme-challenge/ {
  allow all;
  default_type "text/plain";
  try_files $uri $uri/ /dev/null =404;
}

This block is the exception that applies when the certificate validation is requested.

Next, go to the File Manager and delete everything in the httpdocs folder. Once it is empty, create an .htaccess file with the following contents.

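# Disable directory listings and enable rewriting
Options -Indexes
RewriteEngine On
RewriteBase /

# 1. Domain without www -> www, still over http
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]

# 2. www over http -> www over https
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^www.example.com [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

# 3. Once on https, send everything to the destination domain
RewriteCond %{HTTPS} on
RewriteRule (.*) https://www.dominio.es/$1 [R=301,L]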

The redirects are split into 3 separate blocks. This is because of HSTS: if it is activated, redirecting in these steps keeps the browser from returning an error message reporting a possible insecurity.

The first block sends traffic for the domain without www to the www version of the same domain, still without https.

RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]

The second block checks whether the domain has the www but is without https, and if so upgrades it to https.

RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^www.example.com [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

And, once the domain is on https, we send it to the new secure address.

RewriteCond %{HTTPS} on
RewriteRule (.*) https://www.dominio.es/$1 [R=301,L]

The last line is where we set the domain to which traffic is sent when this domain is visited.

With this system, we will be able to create the Let’s Encrypt certificate for the domain, the wildcard (*.example.com) and the certificates for the mail.
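
To check the rule order before deploying it, the following added example (not part of the original article) models the three .htaccess blocks and the nginx acme-challenge exception in Python and traces every 301 hop for a URL. It assumes the virtual host answers only for example.com and www.example.com; the function names and the sample URLs are made up for the illustration.

```python
import re
from urllib.parse import urlsplit

ACME_PREFIX = "/.well-known/acme-challenge/"   # nginx location from the article

# The three .htaccess blocks, in file order:
# (required %{HTTPS} value or None, %{HTTP_HOST} pattern or None, rule pattern, target)
RULES = [
    (None,  r"^example.com",     r"^(.*)$", "http://www.example.com/"),
    ("off", r"^www.example.com", r"^(.*)$", "https://www.example.com/"),
    ("on",  None,                r"(.*)",   "https://www.dominio.es/"),
]

def next_hop(url):
    """Return the 301 Location for url, or None when no redirect is issued."""
    u = urlsplit(url)
    if u.hostname not in ("example.com", "www.example.com"):
        return None                 # assumption: other hosts are not on this vhost
    if u.path.startswith(ACME_PREFIX):
        return None                 # answered by the nginx location, no redirect
    https = "on" if u.scheme == "https" else "off"
    rel = u.path[1:]                # per-directory rules see the path without "/"
    for want_https, host_re, rule_re, target in RULES:
        if want_https and want_https != https:
            continue
        if host_re and not re.search(host_re, u.hostname, re.I):   # [NC]
            continue
        m = re.search(rule_re, rel)
        if m:                       # [R=301,L]: redirect and stop processing
            query = "?" + u.query if u.query else ""
            return target + m.group(1) + query
    return None

def chain(url, limit=5):
    """Follow redirects from url and return every URL visited, in order."""
    hops = [url]
    while len(hops) <= limit:
        nxt = next_hop(hops[-1])
        if nxt is None:
            break
        hops.append(nxt)
    return hops

if __name__ == "__main__":
    # Constructed sample requests
    for start in ("http://example.com/a?b=1",
                  "http://example.com" + ACME_PREFIX + "token"):
        print(" -> ".join(chain(start)))
```

Each hop in the printed chain changes only the host or only the scheme, and the acme-challenge request stays on example.com with no redirect, which is what the Let’s Encrypt validation needs.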


About this document

This document is regulated by the EUPL v1.2 license, published in WP SysAdmin and created by Javier Casares. Please, if you use this content in your website, your presentation or any material you distribute, remember to mention this site or its author, and to put the material you create under the EUPL license.