Best way to setup shared IP addresses for SSL?

slinky

Well-Known Member
Jul 26, 2007
78
2
58
I'm having some challenges getting something I'll need to have occur often setup reliably -- setting up a shared IP address dedicated for domains using SSL. I have read a couple of issues with CPanel and SNI which also make me hesitant to use shared IP addresses for SSL (and to some degree, have to question the true level of "security" by doing so, but that's another question.) Can anyone point to a FAQ, page or recommend the way for an admin to set up accounts so that they can share an IP address for different sites using SSL?
 

slinky

Well-Known Member
Jul 26, 2007
78
2
58
So I found this document that tells you how to set up NEW accounts using resellers which I'm not altogether clear about but it also doesn't answer the question of how to combine existing accounts that are set up using WHM and currently have their own dedicated IP address.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,227
463
Hello :)

You could temporarily change the shared IPv4 address configured via:

"WHM Home » Server Configuration » Basic cPanel & WHM Setup"

Then, assign the accounts of your choosing to the IP address, and setup the SSL certificates. Note this document may also help:

SSL FAQ and Troubleshooting - Documentation - cPanel Documentation

Thank you.
 

slinky

Well-Known Member
Jul 26, 2007
78
2
58
Michael - Thanks. I decided to take down the sites and reset them up under private resellers. But there is a huge problem, which is reiterated above:

SSL+SNI and sites without SSL installed on the same IP -> Shows another user's site potentially.

If any IP address is shared with non-ssl sites, the http request goes to another website that is first registered. So if you had https / first.com registered first and then you were trying to add second.com, you can't validate or verify second.com at any stage. It's a serious bug. You register a new domain, download the Google file to verify or from Comodo to verify ownership of the domain. The second.com / textfile.html URL does NOT work. Instead, you get a redirection to first.com saying you have a setup error. So the author of that thread was absolutely correct. Serious problem that needs resolution.