Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

all https requests redirect to main page..

Discussion in 'General Discussion' started by panayot, Dec 13, 2004.

  1. panayot

    panayot Well-Known Member

    Joined:
    Nov 18, 2004
    Messages:
    126
    Likes Received:
    0
    Trophy Points:
    166
    Hi,

    A month ago I setup self generated ssl using the main server IP and secure.hostingcompany.com for domain.

    This way all customers who could not afford to buy a certificate and dedicated IP could still take advantage of a secure connection to their admin areas on the sites or other purposes. Of course there were browser warnings that the domain did not correspond and that certificate was not from an authority but that is ok - it was still a secure connection.

    The problem is that all of a sudden https behaviour changed. when typing https://clientsite.com/ apache redirects to the main server website instead. I do not know what caused this change. perhaps some cpanel update? How can I get it back so that https requests stay at client's site and do not get redirected to main site?

    Thanks in advance
    Panayot
     
    #1 panayot, Dec 13, 2004
  2. dezignguy

    dezignguy Well-Known Member

    Joined:
    Sep 26, 2004
    Messages:
    532
    Likes Received:
    0
    Trophy Points:
    166
    There's a check box under Tweak Settings that says:
    When visiting /cpanel or /whm or /webmail with ssl redirect to the servers hostname.

    It's at the very bottom. You could try unchecking that. Or checking it and then unchecking it after saving the setting.
     
    #2 dezignguy, Dec 13, 2004
  3. panayot

    panayot Well-Known Member

    Joined:
    Nov 18, 2004
    Messages:
    126
    Likes Received:
    0
    Trophy Points:
    166
    Thanks for the tip, I tried it but did not work.

    It seems there can be only one SSL certificate per ip. Even if I put several virtual hosts with <VirtualHost 1.2.3.4:443> apache will redirect all https requests to the first virtual host and disregard any other ssl virtual hosts.
     
    #3 panayot, Dec 14, 2004
  4. dezignguy

    dezignguy Well-Known Member

    Joined:
    Sep 26, 2004
    Messages:
    532
    Likes Received:
    0
    Trophy Points:
    166
    ahh, I didn't realize you were trying to use SSL on multiple domains under the same ip...

    You're correct... you can't do that. SSL encrypts everything in the packet sent, including the hostname it's intended for... so it goes to the ip and apache doesn't know which virtual host it's intended for and can't sort it out like it does for normal virtual host requests because it's encrypted, so it goes to the first one in the list. Perhaps in the future, with Apache 2, this will or has been fixed... but not for everyone using cpanel.
     
    #4 dezignguy, Dec 15, 2004
  5. Vautrec

    Vautrec Member

    Joined:
    Jan 16, 2004
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    151
    Now I cannot remove it!

    Hallo, I did the same mistake.

    Now how do I remove this fake certificate which is redirecting all client sites to my own site?

    Merci
    :-D
     
    #5 Vautrec, Dec 16, 2004
  6. panayot

    panayot Well-Known Member

    Joined:
    Nov 18, 2004
    Messages:
    126
    Likes Received:
    0
    Trophy Points:
    166
    The funny thing is that this has worked for all sites on the server without redirecting! And I can give you example on another server (not cPanel) that it works - https://igphosting.com/
    You can see that the certificate is issued to server304.com and the ip is also only one but still it works. I will ask them and if I find the trick will post here.

    Vautrec,

    All you have to do is opne httpd.conf and search for '443'. You will find this way all virtual hosts that have <VirtualHost xx.xx.xx.xx:443> and you can remove whichever you do not need. You may want to backup your httpd.conf file before editing it!
     
    #6 panayot, Dec 17, 2004
  7. dezignguy

    dezignguy Well-Known Member

    Joined:
    Sep 26, 2004
    Messages:
    532
    Likes Received:
    0
    Trophy Points:
    166
    Yes, it'll work for all sites on that ip because it's being sent to the same ip and apache can't distinguish the difference... but your visitors will get a popup warning because the certificate name doesn't match the domain name they're going to. Actually they'll get two warnings, the other one because you're using a self-signed and untrusted certificate.

    Vautrec, you can delete the ssl host through whm... Delete an SSL Host
     
    #7 dezignguy, Dec 18, 2004
(You must log in or sign up to post here.)
Loading...
Similar Threads - https requests redirect
  1. Ravi Kumar ch

    In Progress https version of site time out

    Ravi Kumar ch, Oct 17, 2017 at 3:34 AM, in forum: Security
    Replies:
    7
    Views:
    58
    isaacl
    Oct 17, 2017 at 11:02 AM
  2. Sam A

    In Progress AutoSSL generated certificate doesn't work for https

    Sam A, Oct 13, 2017 at 11:10 PM, in forum: Security
    Replies:
    2
    Views:
    95
    cPWilliamL
    Oct 16, 2017 at 1:55 PM
  3. chanklish

    HTTPS to HTTP redirection

    chanklish, Oct 6, 2017, in forum: General Discussion
    Replies:
    7
    Views:
    127
    cPanelMichael
    Oct 10, 2017
  4. stapuff106

    Global https and non www not in htaccess

    stapuff106, Oct 2, 2017, in forum: Bind / DNS / Nameserver Issues
    Replies:
    1
    Views:
    104
    cPanelMichael
    Oct 4, 2017
  5. markusa

    EA4 - Apache http redirection to https

    markusa, Sep 12, 2017, in forum: EasyApache
    Replies:
    3
    Views:
    140
    cPanelMichael
    Sep 12, 2017

Share This Page