plesk / ext-security-advisor

The Plesk Security Advisor Extension is a simple extension for Plesk that allows you to secure all your websites with SSL with a single click. Additionally, this extension lets you activate HTTP/2 for more performance on all your sites, and it offers advice for improving the security of your servers.
https://www.plesk.com/extensions/security-advisor/
Apache License 2.0

Alternative names - Let's Encrypt #54

Open trialotto opened 7 years ago

trialotto commented 7 years ago

In version 1.1 of the Security Advisor, the "Secure with Let's Encrypt" action does not set alternative names of the form www.domain.tld (or any other sub.domain.tld), nor does it allow these names to be set.

It is rather important that these alternative names of the form www.domain.tld are set automatically.

Any absence of the www.domain.tld alternative names will not lead to the green lock in the browser, if a www.domain.tld is hardcoded somewhere in the application on the specific site.

Furthermore, the aforementioned "absence" entails some considerable security risks, in general and also especially for some specific common applications (such as WordPress).

Regards....

Kubik-Rubik commented 7 years ago

Just stumbled over this issue too. IMO it makes sense to create the certificate also with the "www" variant (Option "Include www.example.com as an alternative domain name." activated).

IronButterfly commented 7 years ago

The nuance here is that Security Advisor is a mass management tool, and if a domain does not respond on the www prefix, the certificate will not be issued, and there will be a lot of failures. Perhaps after some kind of research it will be possible to release a setting to try signing www additionally.
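
A pre-flight check of the kind the last comment points to, as an added example that is not part of the thread or of the extension's code: for each domain it requests the www name only when that name resolves to this server, so one unreachable www name does not fail a bulk run. The function names, the injectable resolver and the sample DNS data are assumptions made for illustration.

```python
import socket
from typing import Callable, Dict, Iterable, Set

Resolver = Callable[[str], Set[str]]

def system_resolver(host: str) -> Set[str]:
    """Addresses the OS resolver returns for host (empty set if none)."""
    try:
        infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def plan_names(domain: str, server_ips: Set[str],
               resolve: Resolver = system_resolver) -> Dict[str, object]:
    """Pick the names to put on one certificate request.

    A name is requested only if every address it resolves to is on this
    server; otherwise validation of that name would fail and, because all
    names in a request must validate, take the whole certificate with it.
    """
    names, skipped = [], {}
    for candidate in (domain, "www." + domain):
        addrs = resolve(candidate)
        if not addrs:
            skipped[candidate] = "does not resolve"
        elif not addrs <= server_ips:
            skipped[candidate] = "resolves to an address outside this server"
        else:
            names.append(candidate)
    return {"names": names, "skipped": skipped}

def plan_bulk(domains: Iterable[str], server_ips: Set[str],
              resolve: Resolver = system_resolver) -> Dict[str, Dict[str, object]]:
    """Run plan_names over every domain on the server."""
    return {d: plan_names(d, server_ips, resolve) for d in domains}

# Constructed sample data (documentation address ranges), not real DNS.
SERVER_IPS = {"203.0.113.10"}
SAMPLE_DNS = {
    "example.com": {"203.0.113.10"},
    "www.example.com": {"203.0.113.10"},
    "shop.example.net": {"203.0.113.10"},      # no www record at all
    "example.org": {"203.0.113.10"},
    "www.example.org": {"198.51.100.7"},       # www hosted elsewhere
}

if __name__ == "__main__":
    plans = plan_bulk(["example.com", "shop.example.net", "example.org"],
                      SERVER_IPS, lambda h: SAMPLE_DNS.get(h, set()))
    for domain, plan in plans.items():
        print(domain, plan["names"], plan["skipped"])
```

The `skipped` map gives the administrator a per-domain reason why a name was left off, which is the information a bulk run otherwise only surfaces as a failed issuance.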