• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Forwarded to devs allow_insecure_sites=false locked SSL options in customer level

nethubonline

nethubonline

Regular Pleskian
User name: nethubonline

TITLE

allow_insecure_sites=false locked SSL options in customer level

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

Plesk Obsidian Version 18.0.28 Update #2

PROBLEM DESCRIPTION

Service plan with "-manage_phosting true -allow_insecure_sites false" locks the SSL options in customer level, customer cannot disable the SSL by themselves. I found this problem did not exist in Plesk 17.8 .

STEPS TO REPRODUCE

plesk bin service_plan -c "Plan_A" -manage_phosting true -allow_insecure_sites false
plesk bin customer --create test-a.com -name test-a.com -passwd "abc1234@XYZ"
plesk bin subscription --create test-a.com -owner test-a.com -service-plan "Plan_A" -login test-a -passwd "abc1234@XYZ" -ip 1.2.3.4

plesk bin service_plan -c "Plan_B" -manage_phosting true -allow_insecure_sites true
plesk bin customer --create test-b.com -name test-b.com -passwd "abc1234@XYZ"
plesk bin subscription --create test-b.com -owner test-b.com -service-plan "Plan_B" -login test-b -passwd "abc1234@XYZ" -ip 1.2.3.4
Click to expand...

ACTUAL RESULT

Login as customer "test-a.com" > Hosting Settings > SSL/TLS support & SEO redirect are locked

test-a.jpg



Login as customer "test-b.com" > Hosting Settings > SSL/TLS support & SEO redirect are NOT locked

test-b.jpg

EXPECTED RESULT

SSL/TLS support and SEO redirect are not locked


test-b.jpg



ANY ADDITIONAL INFORMATION

According to Plesk doc, allow_insecure_sites is for web hosting scripting, which should not affects SSL.

"Allows or prohibits overriding server-wide security policy on web hosting scripting options, if the policy is set up."
service_plan: Hosting Plans

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug
 
Last edited:
Thank you for the report. The issue was confirmed and submitted as PPPM-12160
 
You must log in or register to reply here.

Similar threads

M
Issue Bug with 'WP Toolkit Smart PHP Update' permissions
Replies
0
Views
561
Mark_NLD
M
S
Resolved Migration Tool failed: Error during xxxx.xxx createZone: dnsmng failed:
Replies
4
Views
1K
sven01
S
nethubonline
Issue allow_insecure_sites=false locked SSL options in customer level
Replies
2
Views
849
nethubonline
nethubonline
burnley
Forwarded to devs It is possible to create mail box without triggering 'Create Mailname' event handler
Replies
4
Views
15K
Peter Debik
P
H
Question Add customer via Rest API
Replies
0
Views
867
hamza-24
H
Back
Top