Godaddy UCC multiple Domain SSL and WHM
We have many store fronts on our whm server. A multpile domain SSL was purchased in the hopes of saving money when getting all the domains on our server to be ssl enabled.
Are the UCC Multiple domain godaddy SSL certs compatible with whm? how do we set it up?
Thanks for any help!!
We had a user ask a similar question, and from everything I found it does not work.
From what I remember when the client was running this they were getting an SSL Overlap due to how Apache was built. I guess you could compile apache differently and it might work, but out of the box it didn't work for us or the client.
Conor Treacy | Hands-on Web Hosting
cPanel eCommerce Hosting | X-Cart Web Hosting
SEO Consulting Omaha Nebraska
Has anyone figured out how to make this work? I would sure appreciate it if you would share the process with me.
JOhn ><>
JMDualPro - Marine and Sports Battery Chargers
JMKerusso - Quality Kerusso Christian Wear
Stuff4Toys - Stuff for your Boat
I am actually *about* to be in the same boat, has anyone figured out if it will work?
thanks
Steven Carlson
Auto-Corner: Turnkey used car dealer website system for only $299 per year
Has anyone found any information on this? I am in a similar boat...
This is still annoying me...
The subject name on my cert is example1.com, and I have an alt name example2.com.
https://www.example1.com works as expected
https://www.example2.com shows example1.com
https://www.example1.com/~example2 shows example2.com without any SSL errors
https://www.example2.com/~example2 shows example2.com without any SSL errors
Why is it so difficult
It was mentioned that this is an Apache issue. Can you only register one cert per IP, and does it then fork all incoming connections on that IP to the subject name, ignoring the actual request? Or is this just a configuration issue in WHM?
I'd really like to get this working properly.
As long as the cert is the same for all of the domains, you should be able to put them on the same ip. Apache is going to complain about an overlap but it should still start. They are just warnings. I am not sure if you can set them up in whm. I set this up manually the last time I did it.
How do you set it up manually?Originally Posted by sirdopes
how do you go about setting it up manually in Cpanel??
It work be great if you shared?
Thanks
Generate CSR for godaddy UCC SSL for multiple domains having different IP addresses
Here is how you do it.
1) after you purchase your UCC certificate and apply the credit. Generate A CSR as normal from WHM for 1 domain. Use that CSR to generate your initial SSL. Lets call the initial domain www.domain1.com
It is very important that you keep your original key, you will need this later.
2) Once your initial domain name has been vetted download the certificate, select cPanel as the type.
3) install the certificate using the "Install a SSL Certificate and Setup the Domain" tab in WHM. Paste in the certificate. WHM will auto fill the domain and user. Change the domain to www.domain1.com if not already set to that. Change the user to nobody, the IP address should be correctly set to the IP address of domain1.com
4) Paste in your original key, if you don't do this your certificate will say its an invalid self signed cert.
5) Paste in the bundle in the space provided
6) Hit submit. That should complete domain1.com. Test it by going to https://domain1.com
7) Go back to godaddy, and navigate to the SSL area and manage the UCC certificate. Add a new domain (SANS) by typing the name in the field www.domain2.com and hit add, then hit manage.
8) After your new domain is vetted, go back to godaddy and download the new certificate, be sure to select the type cPanel.
9) Return to WHM "Install a SSL Certificate and Setup the Domain".
10) Paste in your downloaded certificate,
11) Change the domain name two your 2nd domain, in this case www.domain.2com.
12) Change the user to nobody
13) Change the IP address to the ip address of www.domain2.com
14) Past in your original Key (again important or it will be self signed)
15) Past in the cert bundle you just downloaded
16) Hit submit and you should be done.
- Repeat this for ever domain you want to add.
This totally does not work. As soon as you try to enter the second UCC, WHM errors out with:
What version of WHM are you using where this works?[domain protected] is already configured for SSL on 184.106.220.195.
Only one SSL VirtualHost is allowed per IP address!
[domain protected] is already configured for SSL on 184.106.220.195. Only one SSL VirtualHost is allowed per IP address!
SSL Install aborted due to error.
You could do this by doing the following outside of WHM:
1. Copy the initial SSL in /var/cpanel/userdata/nobody/domain.com_SSL location to /var/cpanel/userdata/username location
2. Change the domain to the new domain name for the file (so /var/cpanel/userdata/username/newdomain.com_SSL would be the new name).
3. Edit the file newdomain.com_SSL to change all instances of nobody to the username for that domain and then changing /usr/local/apache/htdocs to the actual document root (/home/username/public_html/).
4. Copy the /etc/ssl/certs/ files from domain.com.crt and domain.com.cabundle to newdomain.com.crt and newdomain.com.cabundle
5. Copy the /etc/ssl/private/ file from domain.com.key to newdomain.com.key
After making those changes, then rebuild and restart Apache:
It will complain about the multiple virtual host entries, but it will rebuild and should work regardless.Code:cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.bak101030 /scripts/rebuildhttpdconf /etc/init.d/httpd restart
cPResources: Support Options | More Support Options | Forums Search | cPanel.net Site Search | Mailing Lists(Alt) | Docs
-- Tristan, Technical Analyst III, Forums Specialist, cPanel Tech Support
Submit a ticket | Check an existing ticket
Re: Godaddy UCC multiple Domain SSL and WHM
I have gone through these instructions precisely several times. When I get to the step for rebuilding Apache, it gives a message that it was rebuilt, but when I check the conf file, I do not see the new information that I would expect to be there for the second domain.
Can anyone shed light on this? Or do you have a paid service that can install our GoDaddy UCC for us?
Thanks.
Edit: I want to add that I was able to get it working by adding the lines in the conf by hand, but I am worried this will cause me to lose the changes next time cpanel rebuilds so I would like to get them into the proper flow.
Last edited by colonelclick; 08-29-2011 at 11:37 AM.
Re: Godaddy UCC multiple Domain SSL and WHM
Thanks to all above who have contributed to this. You've all provided the info I needed to get this working, after several frustrating days.
I have a solution based on the posts above, that solves colonelclick's problem, and simplifies some of the method also, if you can't get it working entirely within WHM/cpanel:
Obtain, download and install a UCC certificate as described above, but including all the domains (Subject Alternate Names) you need. Quoting from goseese so it's all in one place:
{quote}
1) after you purchase your UCC certificate and apply the credit. Generate A CSR as normal from WHM for 1 domain. Use that CSR to generate your initial SSL. Lets call the initial domain www.domain1.com
It is very important that you keep your original key, you will need this later.
2) Once your initial domain name has been vetted download the certificate, select cPanel as the type.
3) install the certificate using the "Install a SSL Certificate and Setup the Domain" tab in WHM. Paste in the certificate. WHM will auto fill the domain and user. Change the domain to www.domain1.com if not already set to that. Change the user to nobody, the IP address should be correctly set to the IP address of domain1.com
4) Paste in your original key, if you don't do this your certificate will say its an invalid self signed cert.
5) Paste in the bundle in the space provided
6) Hit submit. That should complete domain1.com. Test it by going to https://domain1.com
At that point, any attempts to access your VirtualHosts with https should send you to the primary domain of the SSL certificate.
{/quote}
Next:
1. Open your httpd.conf (/usr/local/apache/conf/httpd.conf) and copy the VirtualHost definition for your primary SSL VirtualHost to a text file. (You don't necessarily need to back it up, you're not going to change or save it.)
2. Edit the new file, copying the VirtualHost there for each other VirtualHost that you want to provide SSL for
- Change each reference to domain1.com to domain2.com, etc, EXCEPT for the references to the SSL certificate.
Leave those as they are, so you don't need to copy the certificate files anywhere else.
- Change the username and user group for the domain, the admin email address etc if necessary, etc.
3. Copy the file to your clipboard. Navigate to WHM/Apache configuration/Include editor. Go to the section "Post VirtualHost Include", select "All Apache versions", and paste your new file into the box there, and click update.
4. Restart Apache, (either there in WHM, or by /etc/init.d/httpd restart). You should now have working SSL VirtualHosts for each one you defined in the include file. You'll have to maintain those by hand, but you haven't interfered with you primary SSL domain, or any of your http domains. And if you save a copy of the include file, you'll have a clean rollback position next time you change it.
One more hint, if you need to update the certificate later to include more SANs, and WHM refuses to clean out the old ones (as I found, and so did the many others whose frustrated postings I've read elsewhere), just download the new files, and replace them directly in /etc/ssl/certs/. As long as the filenames in the httpd.conf include file you created match, and the server key remains the same, all will be well
Re: Godaddy UCC multiple Domain SSL and WHM
Awesome, great addition to this process that should help preserve changes.3. Copy the file to your clipboard. Navigate to WHM/Apache configuration/Include editor. Go to the section "Post VirtualHost Include", select "All Apache versions", and paste your new file into the box there, and click update.
I want to add that deleting these by hand is quite simple, you will see them cluttering up your /etc/ssl/certs/ and /etc/ssl/private/ paths with names matching the files in WHM. I just deleted them by hand and they disappeared from WHM.One more hint, if you need to update the certificate later to include more SANs, and WHM refuses to clean out the old ones (as I found, and so did the many others whose frustrated postings I've read elsewhere),
LinkBack URL
About LinkBacks
Reply With Quote