
*.domain.com Wildcard SSL issues :-(

Discussion in 'General Discussion' started by dgfadmin, Feb 6, 2009.

  1. dgfadmin

    dgfadmin Member

    Hi all,

    I have been using cPanel with our hosting company for over 3 years now but have recently hit on a problem which I cannot get around, and our hosting provider's technical support has been silent for over a week on the issue (despite daily live chats and phone calls!). The server admin made one failed attempt to solve the issue after 5 days but failed and has yet to respond again. I am starting to think they do not have an answer so have turned here in the hope you guys and girls can help!

    We were until recently running an ssl cert on a dedicated IP for our web store at store.domain.com which was working perfectly. Last month however we decided to add a secure portal for a trade extranet to manage our distributed sales force and suppliers. This obviously required a new ssl for extranet.domain.com and we were pointed in the direction of a wildcard certificate.

    We purchased a GoDaddy wildcard to initially get set up before switching back to our provider of choice Comodo. As there was no option to generate a private key / csr for *domain.com in cPanel, tech support did this for us and then we submitted the cert and bundle back to them to install.

    The problems started here :mad:


    Now:

    http://www.domain.com and https://www.domain.com are working fine

    but only 1 subdomain is correctly functioning:
    http://store.domain.com and https://store.domain.com

    ...any other subdomain (including extranet / sales / subdomainX etc.) is now forwarding to the store.domain.com page and not the correct page under ssl.

    E.G:
    http://extranet.domain.com shows the extranet successfully
    but https://extranet.domain.com re-directs to the store subdomain page.

    and

    http://sales.domain.com shows the sales page successfully
    but https://sales.domain.com also directs to the store subdomain page.


    If anyone could shed some light on how to solve this that would be fantastic!
     
  2. dgfadmin

    dgfadmin Member

    Ttt

    Anyone have any ideas on this one?

    Hosting support are yet to come back to me again having tried and failed to fix this issue.

    We are now into day 11 since the sys admin looked at this so any help you guys could offer would be great!
     
  3. rhenderson

    rhenderson Well-Known Member

    You can try looking at http://forums.spry.com/showthread.php?t=1127; it seems they are suggesting repeatedly installing the certificate for each subdomain you have. Instead of installing the certificate to *.domain.com you need to take the *.domain.com certificate and repeatedly install it to store.domain.com and extranet.domain.com and sales.domain.com. I do not know if this will work but since you have not gotten a response I thought I would share.
     
  4. dgfadmin

    dgfadmin Member

    :) Thanks for the response - and the link!

    I'll certainly give this a go and see what happens. Fingers crossed!
     
  5. feeneyman

    feeneyman Registered

    You shouldn't have to install the cert per subdomain. What I've found when using a wildcard ssl on a cPanel server is this.

    1. Generate the CSR using *site.com like normal (found in cPanel doc.)
    2. Purchase the cert from GoDaddy or whoever using the CSR generated from the server.
    3. Install the Cert given from GoDaddy (or whoever) by pasting the cert info (.crt, .key, and ca bundle) into the appropriate places. HOWEVER, (and this is key) don't use *site.com as the domain. If you are installing the cert in the web host manager (Server cPanel), it will most likely not let you. Instead of using *site.com for the domain, simply use 'site.com' (no *). In my experiences this has driven me madddd crazzy! The documentation for cPanel says otherwise but in order to get it to work on my servers (and have it work for all subdomains), I've had to follow the instructions I just gave. Good luck and hopefully this helps!
     
  6. dgfadmin

    dgfadmin Member

    Hi Guys,

    Thanks for all your help!

    Our old host's sysadmin actually managed to get this working, with each subdomain working properly on wildcard ssl - he actually had to manually configure the http.conf - I have no idea what changes he made but I was a happy chap.

    One year on however, we have outgrown shared hosting and moved to our own vps :-0 and guess what - we are right back at square 1 as regards ssl! Having read all the related topics on this forum, gooooogled and even phoned godaddy the ssl issuer for support (who by the way said cPanel wouldn't even tell them how to configure it so they had no instructions for me!) I am having the same issues as before!

    I am hoping that someone out there knows the best method for getting ssl wildcard certs working on cPanel / WHM and can reply with a clear and easy to follow set of steps - as far as I can see no definitive solution with a guide to implementation exists whether on the forums, or officially from cPanel so if we get a good answer here perhaps it will even make its way into the official cPanel docs to prevent future headaches!

    So if anyone knows the answer - how do we get this set up???!

    :)
     
  7. hostultra

    hostultra Well-Known Member

    Open your /usr/local/apache/conf/httpd.conf file.
    Search for the ssl virtualhost. (ie. 12.34.56.78:443)

    Add this line inside the virtualhost:
    ServerAlias *.yourdomain.com

    In DNS manager in WHM add the zone
    * IN A 12.34.56.78
     
  8. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Without manual configuration, each domain or sub-domain needing SSL would need to be on its own dedicated IP address; having a dedicated IP for each domain or sub-domain for SSL is the easiest solution. This would, for example, mean each site that needs its own IP for SSL may need to be created as a cPanel account, for easier management over the dedicated IP. In this scenario, when installing the SSL certificate, it may help to ensure that the domain (on the SSL install page in WHM) is changed from "*.domain.tld" to match the actual sub-domain or domain that is receiving the new SSL certificate. Here are some steps to follow for this method:

    WHM: Main >> SSL/TLS >> Install a SSL Certificate and Setup the Domain
    1.) Copy and paste the wildcard SSL certificate into the first text area.
    2.) Allow the rest of the text areas to be automatically filled.
    3.) Double check the SSL key and CA bundle for accuracy.
    4.) Change the wild card domain name to match the actual account domain name.
    5.) Ensure the username and IP address also match the actual account involved.

    The solution above is what I recommend as it is least prone to manual (human) error.

    Unless you require wildcard sub-domains (e.g., wildcard DNS entry for sub-domains), it is not necessary to manually edit the DNS zone nor add a wildcard entry into the Apache virtual host (e.g., for *.domain.tld).

    It is technically possible to have a single wildcard SSL certificate installed to more than one sub-domain on a single IP address, but this requires customization to the Apache configuration (httpd.conf) file; however, this method may not be guaranteed to be retained if you attempt to update the wildcard SSL certificate at a later date (e.g., re-installing the SSL CRT via WHM), because it is assumed you have just one SSL certificate installed per account/IP. It couldn't hurt to open a feature request on our forums asking for enhanced functionality in this regard.
    Feature Requests for cPanel and WHM - cPanel Forums

    If you have an available IP address to use for each sub-domain needing SSL, then there is no manual configuration required and the steps outlined above should be followed to ensure a successful installation via cPanel/WHM.

    However, if you specifically require the wildcard SSL certificate to be installed on a single dedicated IP and not separate IPs, then the following might help, but this may not be a supported solution. To install wildcard SSL on more than one sub-domain -and- on a single dedicated IP address the following steps could be used at one's own risk:

    Extreme caution is advised due to the risk of manual (human) error this can involve, and this method should be performed only by those experienced with manually editing httpd.conf and comfortable with repairing a failed or broken Apache configuration in case it does not work as expected.

    #1.) Backup the Apache configuration:
    Code:
    # cp -pv /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.backup.01
    #2.) Via WHM, install the wildcard SSL certificate onto the first sub-domain, ensuring the domain used when installing is that of the actual sub-domain and not a wildcard "*" sub-domain.

    #3.) Backup the Apache configuration:
    Code:
    # cp -pv /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.backup.02
    #4.) Via WHM, install the wildcard SSL certificate onto the second sub-domain, ensuring the domain used when installing is that of the actual sub-domain and not a wildcard "*" sub-domain.

    #5.) Backup the Apache configuration:
    Code:
    # cp -pv /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.backup.03
    #6.) Compare the difference between the second #02 and third #03 backups, noting that the first SSL virtual host was likely removed. The first SSL virtual host was likely replaced by the second SSL virtual host that was installed, as should be evident in backup #03. Use this information to manually re-add the first SSL virtual host into the Apache configuration (httpd.conf) file.

    Here is a command you can use to view the difference between one file and another, but the output may not be readily suited to copy and paste because of the characters prefixing each line:
    Code:
    # diff -us /usr/local/apache/conf/httpd.conf.backup.02 /usr/local/apache/conf/httpd.conf.backup.03
    After manually editing, please be sure to save another fresh backup each time the edit is completed.


    Please use the following to test if your changes pass a basic configtest by Apache:
    Code:
    # /usr/local/apache/bin/apachectl configtest

    If the edited configuration passes the configtest, then you could proceed further to verify if Apache can restart successfully:
    Code:
    # /usr/local/apache/bin/apachectl restart
    or
    Code:
    # /usr/local/apache/bin/apachectl stop
    # /usr/local/apache/bin/apachectl start

    Test if Apache restarted successfully by checking its status:
    Code:
    # /usr/local/apache/bin/apachectl status

    If Apache fails to restart (e.g., if it fails to respond to the status check or if that produces an error), then you may want to revert your Apache configuration back using the first backup created, followed by another restart and status check:
    Code:
    # cp -pv /usr/local/apache/conf/httpd.conf.backup.01 /usr/local/apache/conf/httpd.conf

    If Apache passes the configtest and if it can successfully restart, you may need to run the following commands to further test and check if your changes are saved or retained properly:
    Code:
    # /usr/local/cpanel/bin/apache_conf_distiller --update
    # /scripts/rebuildhttpdconf
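
Step #6 above notes that diff output is awkward to copy because of the characters prefixing each line. As an added example (not part of the original post and not cPanel tooling), these shell functions report which SSL virtual hosts exist in one httpd.conf backup but are missing from the next, and print the dropped block verbatim. The function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find SSL vhosts dropped between backups.

# ssl_vhost_names FILE: ServerName of every <VirtualHost ...:443> block.
ssl_vhost_names() {
    awk '
        /^[ \t]*<VirtualHost[ \t].*:443[ \t>]/ { in_ssl = 1 }
        in_ssl && tolower($1) == "servername"  { print tolower($2) }
        /^[ \t]*<\/VirtualHost>/               { in_ssl = 0 }
    ' "$1" | sort -u
}

# missing_ssl_vhosts OLD NEW: names with an SSL vhost in OLD but not in NEW.
missing_ssl_vhosts() {
    old_names=$(mktemp); new_names=$(mktemp)
    ssl_vhost_names "$1" > "$old_names"
    ssl_vhost_names "$2" > "$new_names"
    comm -23 "$old_names" "$new_names"
    rm -f "$old_names" "$new_names"
}

# extract_ssl_vhost FILE NAME: print the whole :443 block for NAME, unprefixed.
extract_ssl_vhost() {
    awk -v want="$2" '
        /^[ \t]*<VirtualHost[ \t].*:443[ \t>]/ { in_ssl = 1; buf = ""; hit = 0 }
        in_ssl { buf = buf $0 "\n" }
        in_ssl && tolower($1) == "servername" && tolower($2) == tolower(want) { hit = 1 }
        in_ssl && /^[ \t]*<\/VirtualHost>/ { if (hit) printf "%s", buf; in_ssl = 0 }
    ' "$1"
}

# Constructed sample data: tiny stand-ins for httpd.conf.backup.02 and .03.
make_sample_backups() {
    cat > "$1/backup.02" <<'EOF'
<VirtualHost 12.34.56.78:80>
    ServerName store.domain.com
</VirtualHost>
<VirtualHost 12.34.56.78:443>
    ServerName store.domain.com
    SSLEngine on
</VirtualHost>
EOF
    sed '/:443>/,/<\/VirtualHost>/ s/store\./extranet./' \
        "$1/backup.02" > "$1/backup.03"
}
```

Against the real backups, `missing_ssl_vhosts httpd.conf.backup.02 httpd.conf.backup.03` names the host to restore and `extract_ssl_vhost httpd.conf.backup.02 <name>` prints its block for review before re-adding it by hand and running configtest.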
     
  9. dgfadmin

    dgfadmin Member

    Hi Guys,

    Firstly Host Ultra, I appreciate you taking the time to reply here this has been driving me round in circles :)

    And secondly big thanks to cPanelDon - you have delivered exactly what was requested - a very clear and concise, easy to follow guide to wildcard SSL. Thank you!

    I will get straight on to getting this setup tomorrow and I hope this thread serves as a useful reference for others wishing to integrate a wildcard ssl in cPanel! This will complete cPanel for us into the perfect admin panel - easy to work with but very powerful.

    Just to add a text string to make it easier to find for those who search later on... how to install a wildcard ssl certificate

    :)
     
    #9 dgfadmin, Oct 19, 2009
    Last edited: Oct 19, 2009
  10. chetanmadaan

    chetanmadaan Member

    thanks for the amazing thread so far.


    thanks for the great description so far... i think the only problem i am having right now is at step # 2
    #2.) Via WHM, install the wildcard SSL certificate onto the first sub-domain, ensuring the domain used when installing is that of the actual sub-domain and not a wildcard "*" sub-domain.

    I keep getting the same error no matter what I enter.

    An error occurred while running: /usr/local/apache/bin/httpd -DSSL -t -f /usr/local/apache/conf/httpd.conf Exit signal was: 0 Exit value was: 1 Output was: --- Syntax error on line 1 of /usr/local/apache/conf/includes/post_virtualhost_2.conf: Invalid command , perhaps mis-spelled or defined by a module not included in the server configuration ---

    i tried the following:

    *subdomain
    *subdomain.domain.com
    /*subdomain.domain.com/
    subdomain
    subdomain.domain.com

    or anything else you might recommend.

    Thanks.
     
  11. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    To help clarify, the WHM menu path used to install SSL certificates is as follows: WHM: Main >> SSL/TLS >> Install a SSL Certificate and Setup the Domain

    The provided error detail indicates an issue with a file not mentioned in the steps outlined in my earlier post. I would double-check the contents of the file specified in the message and verify that it contains valid entries; it may help to disable any customizations that were added. For clarification, the specific file needing to be checked is specified here: Syntax error on line 1 of /usr/local/apache/conf/includes/post_virtualhost_2.conf: Invalid command , perhaps mis-spelled or defined by a module not included in the server configuration

    The aforementioned file may be viewed and modified using WHM via the following menu path: WHM: Main >> Service Configuration >> Apache Configuration >> Include Editor >> Post VirtualHost Include >> [Version 2]
     