TECHNICAL GEMS

HSTS Not Available For SSL for Add-On Domains, How To Fix

Why HSTS and “Keep Websites Secured” Are Unavailable for Addon Domains in Plesk

When using Let’s Encrypt SSL certificates in Plesk, you may notice that for domains added to a subscription (but not set as the main domain), the options to enable HSTS (HTTP Strict Transport Security) or Keep Websites Secured are greyed out or marked with an “X” instead of an enablement button. This is a common scenario and is due to how Plesk manages SSL and security settings for domains within a subscription.

Key Reasons

  • Primary vs. Addon Domains:
    Plesk treats the main domain of a subscription differently from addon domains (additional domains under the same subscription). Many security features, including HSTS and the “Keep Websites Secured” toggle, are only fully manageable for the main domain. Addon domains often inherit certain settings or have limited management options.
  • Service Plan and Permissions:
    If your hosting provider has restricted certain permissions in the service plan, you may not be able to manage SSL/TLS support, HSTS, or related security settings for addon domains. This can result in these options being greyed out or unavailable for secondary domains.
  • SSL Certificate Assignment:
    The “Keep Websites Secured” feature is designed to automatically renew and manage SSL certificates for the main domain and its associated subdomains, aliases, and webmail. For addon domains, this automation may not be available, and you may need to manage SSL certificates and security headers manually.
  • Technical Limitations:
    Some features, like HSTS, require a valid SSL certificate to be installed and active on the domain. If the addon domain does not have a valid certificate or if SSL/TLS support is not enabled, the HSTS option will remain unavailable.

What You Can Do

  • Check Service Plan Permissions:
    If you have access, review the permissions for your service plan. Enabling “Hosting settings management” and related permissions may allow more control over addon domains.
  • Manual Configuration:
    For domains where the GUI options are unavailable, you can manually add HSTS headers via .htaccess (for Apache) or custom Nginx configuration, provided you have the necessary access.
  • Update Plesk:
    Some issues with greyed-out options have been resolved in newer Plesk versions. Ensure your Plesk installation is up to date, as certain bugs affecting SSL/TLS and security settings for addon domains have been fixed in recent releases.
  • Contact Your Hosting Provider:
    If you are on a managed hosting plan, some options may be intentionally restricted. Contact your provider to request changes or clarification.
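
After adding the header by hand (.htaccess or custom Nginx configuration), it is worth confirming what the addon domain actually serves. The following is an added example, not code from the original article or from Plesk: it parses a Strict-Transport-Security value as defined in RFC 6797 and reports common mistakes. The function names, the 180-day threshold and the sample header values are assumptions made for illustration.

```python
import http.client

MIN_MAX_AGE = 15552000  # assumed threshold: 180 days, adjust to your policy

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into {directive: value-or-None}."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in directives:       # RFC 6797: a directive may appear only once
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = val.strip().strip('"') if val else None
    return directives

def audit_hsts(value):
    """Return a list of findings; an empty list means the policy looks sound."""
    if value is None:
        return ["header missing"]
    try:
        d = parse_hsts(value)
    except ValueError as exc:
        return [str(exc)]
    age = d.get("max-age")
    if age is None or not (age.isascii() and age.isdigit()):
        return ["max-age missing or not a non-negative integer"]
    findings = []
    if int(age) == 0:
        findings.append("max-age=0 tells browsers to drop the HSTS policy")
    elif int(age) < MIN_MAX_AGE:
        findings.append(f"max-age {age} is below {MIN_MAX_AGE}")
    if "includesubdomains" not in d:
        findings.append("note: includeSubDomains absent, subdomains not covered")
    return findings

def fetch_hsts(host, timeout=10):
    """Fetch the header over HTTPS; browsers ignore HSTS sent over plain HTTP."""
    conn = http.client.HTTPSConnection(host, timeout=timeout)
    try:
        conn.request("HEAD", "/")
        return conn.getresponse().getheader("Strict-Transport-Security")
    finally:
        conn.close()

if __name__ == "__main__":
    # Constructed sample values, not captured from a real server.
    for sample in ("max-age=31536000; includeSubDomains", "max-age=300", None):
        print(repr(sample), "->", audit_hsts(sample) or "OK")
```

To check a live site, pass the result of `fetch_hsts("your-addon-domain.example")` to `audit_hsts`; the hostname here is a placeholder.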

Summary Table

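Feature                 | Main Domain | Addon Domain | Notes
------------------------|-------------|--------------|-------------------------------------------
HSTS Enablement         | Yes         | Often No     | May require manual config for addon domains
Keep Websites Secured   | Yes         | Often No     | Tied to service plan and permissions
SSL/TLS Support Setting | Yes         | Sometimes    | Depends on plan and Plesk version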

If you need to enable HSTS or automated SSL management for addon domains, consider manual configuration or consult your hosting provider for possible plan adjustments.


To check and enable “Hosting settings management” permission for a service plan in Plesk, follow these steps:

  1. Log in to Plesk as an administrator.
  2. Navigate to Service Plans:
    • Go to the left sidebar and select Service Plans.
  3. Select the Service Plan:
    • Click on the name of the service plan you want to modify.
  4. Open the Permissions Tab:
    • Inside the service plan settings, go to the Permissions tab.
  5. Enable “Hosting settings management”:
    • Find Hosting settings management in the list.
    • Check the box to enable it.
    This permission allows modifying hosting account features, setting up custom web server settings, and toggling support for SSL/TLS, scripting languages, and more.
  6. Save Changes:
    • Click OK or Update & Sync to save and apply the changes.

Note:

  • If you are using Plesk Web Admin Edition, the Service Plans tab may not be visible. In this case, permissions for the default “Admin Simple” plan can be managed via Tools & Settings > Custom View Settings.
  • After changing permissions, you may need to sync subscriptions with the updated service plan for changes to take effect.

If you do not see the Service Plans section, your Plesk edition or user role may not support direct service plan management. In such cases, contact your hosting provider or use the command line as described in the Plesk documentation.
