SSL Certs on a Reseller's primary domain

[itzhero]

Hello again cPanel forums!

I've got a reseller who has purchased a SSL certificate and I have set his domain to an extra IP I have on the box. However, when I set the IP Address to his domain, it applies to all of his clients as well even tho he is set to use the main shared IP.

http://reseller.com works as normal, however https://reseller.com does not connect.

Any thoughts?

-itzhero

[itzhero]

It should be noted that the type of cert he purchased was a 5-domain UCC cert, if that matters.

[cPanelDon]

Hello again cPanel forums!

I've got a reseller who has purchased a SSL certificate and I have set his domain to an extra IP I have on the box. However, when I set the IP Address to his domain, it applies to all of his clients as well even tho he is set to use the main shared IP.

http://reseller.tld works as normal, however https://reseller.tld does not connect.

Any thoughts?

-itzhero

To form a more accurate diagnosis it will help greatly to know some additional information:

1. What is the precise symptom being seen on the non-reseller accounts; what aspect of the non-reseller (client) accounts is affected and in what way has it changed from the expected behavior?
2. Is each client under the reseller setup as a separate cPanel account, or are they setup only as add-on domains?
3. What is the output of the following command via root SSH access?
   
   Code:

   # grep -H '' /etc/*release /usr/local/cpanel/version /var/cpanel/envtype

[itzhero]

1. Client accounts have not changed at all. IP still remains the shared IP. I applied my new IP Address to the reseller.tld and it affected all of his addon domains. Should I have left it as the shared and set up the cert on the new IP? For some reason this was the only way I could set up a cert before if I recall correctly.

2. He has four or five addon domains and a few clients with their own cPanel logins.

3. Below:

Code:

/etc/redhat-release:CentOS release 5.2 (Final)
/usr/local/cpanel/version:11.25.0-RELEASE_43473
/var/cpanel/envtype:virtuozzo

Thank you for your assistance

-itzhero

[itzhero]

After we do the CSR and set up the domain, we are getting a mismatch error between the cert (provided by godaddy.com) and the private key.

Code:

Modulus mismatch, key file does not match certificate. Please use the correct key file

[cPanelDon]

1. Client accounts have not changed at all. IP still remains the shared IP. I applied my new IP Address to the reseller.tld and it affected all of his addon domains. Should I have left it as the shared and set up the cert on the new IP? For some reason this was the only way I could set up a cert before if I recall correctly.

2. He has four or five addon domains and a few clients with their own cPanel logins.

3. Below:

Code:

/etc/redhat-release:CentOS release 5.2 (Final)
/usr/local/cpanel/version:11.25.0-RELEASE_43473
/var/cpanel/envtype:virtuozzo

Thank you for your assistance

-itzhero

When stating to "shared" and "shared IP" are both of these only referring to a specific IP address set as the reseller's shared IP (via WHM: Main >> Resellers >> Reseller Center), the main server shared IP address of the server, or is this also referring to having setup a shared SSL certificate for the entire server (via WHM: Main >> SSL/TLS >> Manage SSL Hosts)?

For reference, the shared IP address defined for a reseller may be different from the dedicated IP address assigned to the reseller's main cPanel account.

If the SSL certificate is needed to apply only for the reseller's primary cPanel account (that would include any parked or add-on domains), then the reseller's cPanel account should have its own dedicated IP, separate from any shared IPs, and then the desired SSL certificate should be installed. In order to have the SSL certificate not affect other cPanel accounts the SSL host should be setup on its own dedicated IP address and not on a shared IP address.

After we do the CSR and set up the domain, we are getting a mismatch error between the cert (provided by godaddy.com) and the private key.

Code:

Modulus mismatch, key file does not match certificate. Please use the correct key file

The SSL certificate and RSA private key (CRT and KEY) are a unique pair and must match. I recommend using WHM to perform the SSL installation. Please note that in some cases if there are multiple certificate and key pairs this may inadvertently cause a different key to be detected; to avoid this, simply ensure the KEY entered is the same one that matches the CSR and generated CRT from the issuing vendor.

Existing SSL certificates, RSA private keys, CA bundles (where applicable), and CSRs, may be found in the following directory paths:

Code:

/etc/ssl/certs/
/etc/ssl/private/
/home/$username/ssl/certs/
/home/$username/ssl/private/

In addition to the above, certain older OS installations may also use the following directory paths, such as in RHEL4 and CentOS4:

Code:

/usr/share/ssl/certs/
/usr/share/ssl/private/

Within "/etc/ssl/" here are a few example paths for a CA bundle, CRT, CSR, and KEY:

Code:

/etc/ssl/certs/domain.tld.cabundle
/etc/ssl/certs/domain.tld.crt
/etc/ssl/certs/domain.tld.csr
/etc/ssl/private/domain.tld.key