Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

AutoSSL setup process redirects new website to another domain name on server?

Discussion in 'Security' started by tvcnet, Mar 16, 2018.

Tags:
  1. tvcnet

    tvcnet Well-Known Member
    PartnerNOC

    Joined:
    Aug 15, 2003
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    San Diego
    cPanel Access Level:
    DataCenter Provider
    Hi cPanel,

    On our servers, when a new account is set up for SSL, the client's website redirects to another website set on server unexpectedly. This causes our clients a lot of confusion, especially when we are first setting up an account for auto SSL (and their webstie is showing another client's website sharing the same server).


    Is there no way for us to set the account the server redirects too during the Auto SSL setup process?


    I'm hoping there might be a way for us to set up an account on server that client may see during the verification, instead of what appears to be the first account in the vhosts file.


    Your thoughts?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,792
    Likes Received:
    83
    Trophy Points:
    78
    Location:
    India
    cPanel Access Level:
    Root Administrator
    The AutoSSL works in a way that it first validates it by creating a link and getting proper output from that link. If for any reason the account redirects, then there are chances of this validation failing. Can you check the AutoSSL logs to see if the validation for those domains were proper and that the SSL were issued and installed properly.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. tvcnet

    tvcnet Well-Known Member
    PartnerNOC

    Joined:
    Aug 15, 2003
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    San Diego
    cPanel Access Level:
    DataCenter Provider
    Thank you.

    But your response has no relation to my question.

    Please re-read the question.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,711
    Likes Received:
    1,794
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hi Jim,

    Accessing a new domain name over SSL should not result in the website loading the SSL contents of another domain name. That should only occur if you were accessing the website via it's IP address, or if you've turned off the following option under the "Security" tab in "WHM >> Tweak Settings":

    Generate a self signed SSL certificate if a CA signed certificate is not available when setting up new domains

    Per it's description:

    When you create a new domain, cPanel will apply the best available certificate (CA signed); otherwise cPanel will apply a self-signed SSL certificate and request a new certificate via AutoSSL if it is enabled. Warning: If you disable this option, and a CA signed certificate is not available, when a user attempts to visit the newly created domain over https, the user will see the first SSL certificate installed on that IP address. Warning: If you enable this option and do not have a CA signed certificate or AutoSSL enabled, Google search results may point to the SSL version of the site with a self-signed certificate, which will generate warnings in the users’ browser. To avoid both of these concerns, we strongly recommend that you enable AutoSSL.

    Have you turned this option off on this system?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. dclaw

    dclaw Member
    PartnerNOC

    Joined:
    Aug 24, 2007
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    51
    Location:
    Escondido, CA
    Hi,

    There's 2 issues here.

    1. When there is no SSL installed on a domain, accessing a domain configured on the server at port 443 will present the SSL certificate of another SSL configured domain. This is how it has always been. Is there a solution?

    For example:

    domain.com has an ssl certificate

    domain2.com has no ssl certificate

    visiting https://domain2.com will show an SSL warning because it is loading domain.com's ssl certificate

    2. This is happening even when 'Generate a self signed SSL certificate if a CA signed certificate is not available when setting up new domains' is enabled, as for some reason this doesn't always generated a certificate. Additionally, having a self-signed certificate installed always breaks automatic AutoSSL runs, as it will not replace self-signed certificates.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,711
    Likes Received:
    1,794
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    It's normal to see that behavior when installing SSL certificates on shared IP addresses due to the way SNI works. We document methods to address this on our SSL FAQ document:

    My certificate installed, but visitors who try to securely access other sites on the shared IP address can only see the site with an installed SSL certificate, not my default domain.

    AutoSSL can replace self-signed certificates automatically if you enable the following feature under the "Options" tab in "WHM >> Manage AutoSSL":

    Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates.

    Per it's description:

    This option will allow AutoSSL to replace certificates that the AutoSSL system did not issue. When you enable this option, AutoSSL will install certificates that replace users’ CA-issued certificates if they are invalid or expire within 3 days.

    Unless you fully understand this option, do not select it, because the system could unexpectedly replace an expiring or invalid EV or OV certificate with a DV certificate.

    As far as the automatic self-signed SSL certificate setup, is the system attempting to generate an AutoSSL certificate for the new domain name upon account creation, and does that initial attempt to do so fail? Or, do you have AutoSSL disabled for new accounts?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. Mark Bailey

    Mark Bailey Registered

    Joined:
    Jun 8, 2018
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Charlotte, NC
    cPanel Access Level:
    Root Administrator
    We have the same problem. We just issued a new AutoSSL certificate for a site. AutoSSL reported the certificate being set up properly. But when anyone goes to the https version of that site, they are redirected to another domain (which happens to begin with A and is probably the first domain on the server alphabetically. Very confusing and frustrating for end users and the client.
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,711
    Likes Received:
    1,794
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hi Mark,

    This should not happen unless the following feature is disabled under the Security tab in WHM >> Tweak Settings:

    Generate a self signed SSL certificate if a CA signed certificate is not available when setting up new domains.

    When that feature is disabled, it's possible a period of time will exist where no SSL certificate is installed for the domain name. Since it can sometimes take a few hours for the AutoSSL validation process to occur, that would leave the domain name with no certificate for a few hours and thus you'd notice the reported behavior.

    Can you provide more details about how you are verifying the AutoSSL certificate was installed for the domain name?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice