Possibility to force SSL on Webmail
Some users don't know why they should enter https:// if they have to access webmail, they use http://
http is insecure. Easpecially in combination with unencrypted wireless connections.
Actually you have to go into the plesk code to set this function somewhere. Why does plesk provide the webmail-login insecure by default?
If you have setup an Domain Certificate, at least then plesk should offer the option to force ssl on accessing webmail.mydomain.??
The functionality is now available:
1. Linux: in the SSL It! Plesk Extension: https://ext.plesk.com/packages/3c4117f6-c05c-4d3b-9173-60f10096a9c4-sslit
2. Windows: in Plesk Obsidian (by default if SSL is turned on for the domain)
How to find it in SSL It! Extension:
1. install SSL It! Extension (it’s available for Plesk 17.8+)
2. go to > SSL/TLS Certificates
3. if there is no SSL Certificate installed on the domain – issue one (using, for example, free Let’s Encrypt SSL Certificate)
4. if an SSL Certificate is installed on the domain, there is a switcher “HTTP→HTTPS redirect”, this switcher has an option “Webmail”, turn it on.
5. Additionally, you can setup HSTS (for webmail too)
We would appreciate hearing your feedback on the implementation of this functionality. Thanks in advance!
What is the progress of this feature.
It's 3 month since you implemented the feature and also 3 months since my feedback on it.
Yes, SSL It! is implemented and Yes SSL It! works on the domain. But No, the redirect for the webmail stil doesn't work and as stated before there is no option "Webmail" to turn on, so the webmail still doesn't redirect to https as it should.
Hello RK,I juist tried the SSL it! functionality.
Everything look smooth exept for one thing. There is still no option to force webmail on ssl.
In my plesk environment it just isn't there. See screenshot in the attachment.
MD Rizwanur Rahman commented
I want a option in plesk to redirect my webmail from http to https
+1 on this isue
+1 Seems odd to have option to encrypt but not the option to force use of encryption..
+1 (forced SSL as described in the workaround posted by Alexander Yamshanov is not useful in a shared hosting environment because SSL feature is optional)
Alexander Yamshanov commented