Installing an SSL certificate in Plesk is only half the job. If you do not force HTTPS redirects, visitors who type your domain without https:// — or click an old bookmark — will still load the unencrypted version of your site. Browsers show a "Not Secure" warning, search engines may serve the HTTP version in results, and your SSL investment is partially wasted. This guide covers all three methods to force HTTPS in Plesk, plus how to fix redirect loops and subdomain edge cases when things go wrong.
Why Forcing HTTPS in Plesk Matters (SEO and Security Impact)
When HTTPS is not enforced, your site effectively runs on two URLs: http://yourdomain.com and https://yourdomain.com. This creates several problems:
- Duplicate content — search engines may index both versions and split your page authority
- Mixed content — pages load over HTTPS but some resources (loaded by old links or CMS settings) may still use HTTP, triggering browser security warnings
- Analytics fragmentation — sessions split between HTTP and HTTPS versions distort your traffic data
- Security risk — form submissions, login credentials, and cookies can be intercepted if transmitted over unencrypted HTTP
Forcing HTTPS means every HTTP request is permanently redirected (301) to the HTTPS version before any content is served. This preserves SEO signals, consolidates analytics, and ensures all traffic is encrypted.
Prerequisites before forcing HTTPS:
- An active SSL certificate is installed for the domain in Plesk (Let's Encrypt or a paid cert)
- The certificate covers all hostnames you will redirect — including www and any subdomains you want to redirect
- You have tested that https://yourdomain.com loads without a certificate error before adding any redirect
Method 1: Enable HTTPS Redirect via the Plesk Control Panel
Plesk provides a built-in toggle to redirect HTTP to HTTPS without writing any server configuration manually. This is the recommended starting point for most domains.
Log into Plesk. On the left sidebar, navigate to Websites & Domains. Find the domain you want to configure and click Hosting Settings.
On the Hosting Settings page, find the Security section. Tick the checkbox labelled Permanent SEO-safe 301 redirect from HTTP to HTTPS. Click OK to save.
Plesk automatically adds the redirect rule to the domain's web server configuration (Apache virtual host or Nginx server block, depending on your setup). The redirect is active immediately — no service restart required.
Open a new browser tab and navigate to http://yourdomain.com. You should be redirected to https://yourdomain.com with no address bar warnings. Check the HTTP response code with:
curl -I http://yourdomain.com
You should see 301 Moved Permanently and a Location: https://yourdomain.com/ header in the response.
This Plesk UI method is sufficient for the vast majority of websites. If you encounter redirect loops or need finer control, use Method 2 or 3 below.
In Plesk, go to Websites & Domains → your domain → Apache & Nginx Settings.
Scroll to the Additional nginx directives field for the HTTP virtual host. Add:
return 301 https://$host$request_uri;
This is the cleanest and most efficient Nginx redirect — it uses a direct return directive rather than a rewrite, which is faster and avoids regex processing overhead.
Click OK to save. Plesk applies the configuration and reloads Nginx automatically.
Note: If Plesk is running Apache with Nginx as a reverse proxy (the default for most Plesk Linux installations), the built-in Plesk UI redirect (Method 1) handles both layers correctly. Use Method 3 only when Nginx is serving content directly (without Apache).
Troubleshooting: Redirect Loops, Mixed Content, and Subdomain Edge Cases
After enabling HTTPS redirects, these are the most common issues you may encounter:
Redirect loop (ERR_TOO_MANY_REDIRECTS)
A redirect loop occurs when the server keeps redirecting the HTTPS version back to itself. This usually happens when:
- Both the Plesk UI redirect and an .htaccess rule are active simultaneously — disable one of them
- The server is behind a proxy and the %{HTTPS} variable is always "off" — switch to the X-Forwarded-Proto condition in .htaccess
- A WordPress plugin (like Really Simple SSL) conflicts with a server-level redirect — disable one of the redirect mechanisms
To diagnose, use curl -IL http://yourdomain.com (capital I and L) to follow the full redirect chain and see where the loop starts.
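One way to turn the curl -IL check above into a pass/fail verdict, as an added example that is not part of the original guide. The function name, verdict labels and sample header dumps are constructed for illustration; against a live site you would pipe `curl -sIL http://yourdomain.com` into the function instead.

```sh
#!/bin/sh
# Classify the header dump printed by `curl -sIL http://yourdomain.com`.
# Verdicts: OK, LOOP, CHAINED, NOT_PERMANENT, NOT_HTTPS, NO_REDIRECT, NO_RESPONSE.
audit_redirect_chain() {
  awk '
    { sub(/\r$/, "") }                          # curl keeps CRLF line endings
    /^HTTP\//                  { n++; status[n] = $2; loc[n] = ""; next }
    tolower($1) == "location:" { loc[n] = $2; next }   # HTTP/2 lowercases names
    END {
      if (n == 0)             { print "NO_RESPONSE"; exit 1 }
      if (status[1] !~ /^3/)  { print "NO_REDIRECT " status[1]; exit 1 }
      for (i = 1; i <= n; i++) {
        if (loc[i] == "") continue
        # The same target twice means the chain never terminates.
        if (loc[i] in seen)   { print "LOOP " loc[i]; exit 1 }
        seen[loc[i]] = 1; hops++
      }
      if (status[1] != 301)          { print "NOT_PERMANENT " status[1]; exit 1 }
      if (loc[1] !~ /^https:\/\//)   { print "NOT_HTTPS " loc[1]; exit 1 }
      if (hops > 1)                  { print "CHAINED " hops; exit 1 }
      print "OK " loc[1]
    }'
}

# Constructed sample dumps (not captured from a real server).
sample_clean() {
  printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://yourdomain.com/\r\n\r\n'
  printf 'HTTP/2 200\r\ncontent-type: text/html\r\n\r\n'
}
sample_loop() {      # HTTPS vhost keeps redirecting to itself
  printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://yourdomain.com/\r\n\r\n'
  printf 'HTTP/2 301\r\nlocation: https://yourdomain.com/\r\n\r\n'
  printf 'HTTP/2 301\r\nlocation: https://yourdomain.com/\r\n\r\n'
}
sample_chained() {   # HTTP to HTTPS, then non-www to www as a second hop
  printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://yourdomain.com/\r\n\r\n'
  printf 'HTTP/2 301\r\nlocation: https://www.yourdomain.com/\r\n\r\n'
  printf 'HTTP/2 200\r\n\r\n'
}

for s in sample_clean sample_loop sample_chained; do
  printf '%s: %s\n' "$s" "$("$s" | audit_redirect_chain || true)"
done
```

The function exits non-zero for every verdict except OK, so it can gate a deployment or monitoring check.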
Mixed content warnings after HTTPS redirect is active
Your page now loads over HTTPS but the padlock is broken or missing. This means some embedded resources still use http:// URLs. Check your browser's developer console (F12 → Console tab) to see which resources are causing the warning. Fix options:
- Update your CMS site URL setting from http:// to https://
- Run a database search-replace to convert all hardcoded HTTP URLs (in WordPress, use WP-CLI: wp search-replace 'http://yourdomain.com' 'https://yourdomain.com')
- Add a Content Security Policy upgrade header:
Content-Security-Policy: upgrade-insecure-requests
Subdomain not redirecting after domain redirect is configured
HTTPS redirects in Plesk are configured per-domain. A redirect on yourdomain.com does NOT automatically apply to www.yourdomain.com or shop.yourdomain.com. You must configure the redirect separately for each subdomain in Plesk Hosting Settings (or add them to the same wildcard SSL certificate and configure redirects for each).
www vs. non-www redirect conflicts
If you are redirecting both HTTP to HTTPS and non-www to www (or vice versa), ensure the redirects do not chain. The best approach is a single redirect that handles both at once in Nginx:
if ($host = "yourdomain.com") {
    return 301 https://www.yourdomain.com$request_uri;
}
return 301 https://$host$request_uri;
If your Plesk configuration is becoming complex — multiple redirects across domains, subdomains, load balancers, and custom Nginx directives — it is easy to create conflicts that are hard to trace. CloudHouse's managed server team handles Plesk web server configuration, SSL setup, and redirect troubleshooting as part of ongoing server management.
HTTPS Redirect Checklist for Plesk
- ✅ SSL certificate installed and valid for the domain (no browser errors on HTTPS)
- ✅ 301 redirect confirmed from HTTP to HTTPS (curl -I http://yourdomain.com)
- ✅ No redirect loop (curl -IL shows only one hop)
- ✅ www subdomain redirects correctly (if applicable)
- ✅ No mixed content warnings in browser console
- ✅ CMS site URL updated to https://
- ✅ Google Search Console property registered for https:// version
Forcing HTTPS in Plesk takes less than five minutes using the built-in UI redirect. Use the .htaccess method when you need application-level control or are behind a proxy. Use Nginx directives when Plesk is running Nginx in standalone mode. After enabling the redirect, verify with curl, check for mixed content in the browser console, and update your CMS URL settings. Done correctly, a forced HTTPS redirect improves security, consolidates your SEO authority onto a single URL, and eliminates the "Not Secure" browser warning permanently.
