Godaddy UCC multiple Domain SSL and WHM

Discussion in 'General Discussion' started by leeburstroghm, Dec 12, 2008.

  1. leeburstroghm

    leeburstroghm Registered

    We have many store fronts on our whm server. A multiple domain SSL was purchased in the hopes of saving money when getting all the domains on our server to be ssl enabled.

    Are the UCC Multiple domain godaddy SSL certs compatible with whm? How do we set it up?

    Thanks for any help!!
     
  2. handsonhosting

    handsonhosting Well-Known Member

    We had a user ask a similar question, and from everything I found it does not work.

    From what I remember when the client was running this they were getting an SSL Overlap due to how Apache was built. I guess you could compile apache differently and it might work, but out of the box it didn't work for us or the client.
     
  3. Stuff4Toys

    Stuff4Toys Member

    Has anyone figured out how to make this work? I would sure appreciate it if you would share the process with me.

    JOhn ><>
     
  4. stevenc317

    stevenc317 Well-Known Member

    I am actually *about* to be in the same boat, has anyone figured out if it will work?

    thanks
     
  5. PV-Patrick

    PV-Patrick Member

    Has anyone found any information on this? I am in a similar boat...
     
  6. canadiancow

    canadiancow Active Member

    This is still annoying me...

    The subject name on my cert is example1.com, and I have an alt name example2.com.

    https://www.example1.com works as expected
    https://www.example2.com shows example1.com
    https://www.example1.com/~example2 shows example2.com without any SSL errors
    https://www.example2.com/~example2 shows example2.com without any SSL errors

    Why is it so difficult :(

    It was mentioned that this is an Apache issue. Can you only register one cert per IP, and does it then fork all incoming connections on that IP to the subject name, ignoring the actual request? Or is this just a configuration issue in WHM?

    I'd really like to get this working properly.
     
  7. sirdopes

    sirdopes Well-Known Member
    PartnerNOC

    As long as the cert is the same for all of the domains, you should be able to put them on the same ip. Apache is going to complain about an overlap but it should still start. They are just warnings. I am not sure if you can set them up in whm. I set this up manually the last time I did it.
     
  8. canadiancow

    canadiancow Active Member

    How do you set it up manually?
     
  9. davidh

    davidh Registered

    How do you go about setting it up manually in cPanel?

    It would be great if you shared.

    Thanks
     
  10. goseese

    goseese Registered

    Generate CSR for godaddy UCC SSL for multiple domains having different IP addresses

    Here is how you do it.
    1) After you purchase your UCC certificate and apply the credit, generate a CSR as normal from WHM for 1 domain. Use that CSR to generate your initial SSL. Let's call the initial domain www.domain1.com

    It is very important that you keep your original key, you will need this later.

    2) Once your initial domain name has been vetted download the certificate, select cPanel as the type.

    3) Install the certificate using the "Install a SSL Certificate and Setup the Domain" tab in WHM. Paste in the certificate. WHM will auto fill the domain and user. Change the domain to www.domain1.com if not already set to that. Change the user to nobody, the IP address should be correctly set to the IP address of domain1.com

    4) Paste in your original key, if you don't do this your certificate will say it's an invalid self signed cert.

    5) Paste in the bundle in the space provided

    6) Hit submit. That should complete domain1.com. Test it by going to https://domain1.com

    7) Go back to godaddy, and navigate to the SSL area and manage the UCC certificate. Add a new domain (SANS) by typing the name in the field www.domain2.com and hit add, then hit manage.

    8) After your new domain is vetted, go back to godaddy and download the new certificate, be sure to select the type cPanel.

    9) Return to WHM "Install a SSL Certificate and Setup the Domain".

    10) Paste in your downloaded certificate,

    11) Change the domain name to your 2nd domain, in this case www.domain2.com.

    12) Change the user to nobody

    13) Change the IP address to the ip address of www.domain2.com

    14) Paste in your original key (again important or it will be self signed)

    15) Paste in the cert bundle you just downloaded

    16) Hit submit and you should be done.

    - Repeat this for every domain you want to add.
     
  11. jonwatson

    jonwatson Well-Known Member

    This totally does not work. As soon as you try to enter the second UCC, WHM errors out with:

    What version of WHM are you using where this works?
     
  12. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    You could do this by doing the following outside of WHM:

    1. Copy the initial SSL in /var/cpanel/userdata/nobody/domain.com_SSL location to /var/cpanel/userdata/username location

    2. Change the domain to the new domain name for the file (so /var/cpanel/userdata/username/newdomain.com_SSL would be the new name).

    3. Edit the file newdomain.com_SSL to change all instances of nobody to the username for that domain and then change /usr/local/apache/htdocs to the actual document root (/home/username/public_html/).

    4. Copy the /etc/ssl/certs/ files from domain.com.crt and domain.com.cabundle to newdomain.com.crt and newdomain.com.cabundle

    5. Copy the /etc/ssl/private/ file from domain.com.key to newdomain.com.key

    After making those changes, then rebuild and restart Apache:

    Code:
    cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.bak101030
    /scripts/rebuildhttpdconf
    /etc/init.d/httpd restart
    It will complain about the multiple virtual host entries, but it will rebuild and should work regardless.
     
  13. colonelclick

    colonelclick Registered

    I have gone through these instructions precisely several times. When I get to the step for rebuilding Apache, it gives a message that it was rebuilt, but when I check the conf file, I do not see the new information that I would expect to be there for the second domain.

    Can anyone shed light on this? Or do you have a paid service that can install our GoDaddy UCC for us?

    Thanks.

    Edit: I want to add that I was able to get it working by adding the lines in the conf by hand, but I am worried this will cause me to lose the changes next time cpanel rebuilds so I would like to get them into the proper flow.


     
    #13 colonelclick, Aug 29, 2011
    Last edited: Aug 29, 2011
  14. lyndsaym

    lyndsaym Registered

    Thanks to all above who have contributed to this. You've all provided the info I needed to get this working, after several frustrating days.

    I have a solution based on the posts above, that solves colonelclick's problem, and simplifies some of the method also, if you can't get it working entirely within WHM/cpanel:

    Obtain, download and install a UCC certificate as described above, but including all the domains (Subject Alternate Names) you need. Quoting from goseese so it's all in one place:

    {quote}
    1) After you purchase your UCC certificate and apply the credit, generate a CSR as normal from WHM for 1 domain. Use that CSR to generate your initial SSL. Let's call the initial domain www.domain1.com

    It is very important that you keep your original key, you will need this later.

    2) Once your initial domain name has been vetted download the certificate, select cPanel as the type.

    3) Install the certificate using the "Install a SSL Certificate and Setup the Domain" tab in WHM. Paste in the certificate. WHM will auto fill the domain and user. Change the domain to www.domain1.com if not already set to that. Change the user to nobody, the IP address should be correctly set to the IP address of domain1.com

    4) Paste in your original key, if you don't do this your certificate will say it's an invalid self signed cert.

    5) Paste in the bundle in the space provided

    6) Hit submit. That should complete domain1.com. Test it by going to https://domain1.com

    At that point, any attempts to access your VirtualHosts with https should send you to the primary domain of the SSL certificate.
    {/quote}

    Next:

    1. Open your httpd.conf (/usr/local/apache/conf/httpd.conf) and copy the VirtualHost definition for your primary SSL VirtualHost to a text file. (You don't necessarily need to back it up, you're not going to change or save it.)

    2. Edit the new file, copying the VirtualHost there for each other VirtualHost that you want to provide SSL for
    - Change each reference to domain1.com to domain2.com, etc, EXCEPT for the references to the SSL certificate.
    Leave those as they are, so you don't need to copy the certificate files anywhere else.
    - Change the username and user group for the domain, the admin email address etc if necessary, etc.

    3. Copy the file to your clipboard. Navigate to WHM/Apache configuration/Include editor. Go to the section "Post VirtualHost Include", select "All Apache versions", and paste your new file into the box there, and click update.

    4. Restart Apache (either there in WHM, or by /etc/init.d/httpd restart). You should now have working SSL VirtualHosts for each one you defined in the include file. You'll have to maintain those by hand, but you haven't interfered with your primary SSL domain, or any of your http domains. And if you save a copy of the include file, you'll have a clean rollback position next time you change it.

    One more hint, if you need to update the certificate later to include more SANs, and WHM refuses to clean out the old ones (as I found, and so did the many others whose frustrated postings I've read elsewhere), just download the new files, and replace them directly in /etc/ssl/certs/. As long as the filenames in the httpd.conf include file you created match, and the server key remains the same, all will be well :)
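
The hint above about replacing the files in /etc/ssl/certs/ directly depends on the new certificate still matching the server key and listing every host name being served. One way to check both before restarting Apache, as an added example that is not part of any post in this thread; it assumes the `openssl` command-line tool is installed, and the function names are made up for this example:

```shell
# Added example, not from the thread: checks to run on a SAN (UCC) certificate
# before restarting Apache. File paths passed in are the caller's own.

# Print the DNS names in the certificate's subjectAltName, one per line.
cert_sans() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeed only if the private key ($2) belongs to the certificate ($1):
# the public key derived from each must be identical.
key_matches_cert() {
    local c k
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeed if host name $2 is listed in the SANs of certificate $1.
san_covers() {
    cert_sans "$1" | grep -qxiF -- "$2"
}

# check_ucc CERT KEY HOST...: non-zero if the key does not match or any
# host name is missing from the certificate.
check_ucc() {
    local cert="$1" key="$2" rc=0 host
    shift 2
    key_matches_cert "$cert" "$key" || { echo "FAIL key does not match $cert"; rc=1; }
    for host in "$@"; do
        if san_covers "$cert" "$host"; then
            echo "ok   $host"
        else
            echo "FAIL $host is not in the certificate's SANs"; rc=1
        fi
    done
    return "$rc"
}
```

Called as `check_ucc /etc/ssl/certs/domain.com.crt /etc/ssl/private/domain.com.key www.domain1.com www.domain2.com`, using the file naming from the earlier post, it prints one line per host name and returns non-zero if anything fails.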
     
  15. colonelclick

    colonelclick Registered

    Awesome, great addition to this process that should help preserve changes.

    I want to add that deleting these by hand is quite simple, you will see them cluttering up your /etc/ssl/certs/ and /etc/ssl/private/ paths with names matching the files in WHM. I just deleted them by hand and they disappeared from WHM.
     
  16. hermes369

    hermes369 Member

    Sorry for my noobishness; but, won't there be overlapping conf directives if one copies all of the stanzas from the default? Should one not just alter the existing httpd.conf file and run the distiller? Again, I apologize if I'm being ignorant.
     
  17. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    You should not directly edit the httpd.conf file itself for those VirtualHost directives. They are in /var/cpanel/userdata/username/domain.com or sub.domain.com location and should be edited there instead.
     
  18. hermes369

    hermes369 Member

    Thanks for the quick followup. I've followed the instructions; but, I'm getting nowhere fast. The path mentioned in my httpd.conf file is included at the bottom of the default domain's ssl stanza:

    Code:
    # To customize this VirtualHost use an include file at the following location
    # Include "/usr/local/apache/conf/userdata/ssl/2/nobody/mydomain1.com/*.conf"
    Should I create
    Code:
    userdata/ssl/2/mydomain2/mydomain2.org/
    directories and include it in the Include Editor in Post VirtualHost Config?

    I have tried the instructions from post #14 (I think it's 14) using Main >> Service Configuration >> Apache Configuration >> Include Editor >> Post VirtualHost Config but I still get directed to the "Default Web Site Page".

    I appreciate your help. Thanks!
     
  19. LRM67

    LRM67 Registered

    duplicate post
     
    #19 LRM67, Dec 14, 2011
    Last edited: Dec 14, 2011
  20. LRM67

    LRM67 Registered

    This is a second attempt to add this post- it didn't show up the first time. So if it turns up twice, sorry - I'll delete one.

    This just isn't working for me... hopefully someone can see why or give me further instructions.
    My situation:
    I have a main domain and two addon domains set up under one cPanel user and one dedicated IP.
    I have a UCC from godaddy with the main domain as the first name and containing the other two domains (and some others I intend on moving over at later dates). The certificate is installed and works for the main domain - domain1.com.

    I attempted to get domain2.com https accessible by following the instructions from post #12: copying, renaming and editing the files as mentioned there. Rebuilt and restarted. Then followed the instructions from post #14 to add it as a vhost include and restarted Apache.

    It seemed to have worked but then I found domain1.com was now redirected to domain2.com when trying to access it with https.

    Next I went through all the steps a second time for domain3.com... the restart now threw a warning
    Code:
     [warn] VirtualHost ##.##.##.##:443 overlaps with VirtualHost ##.##.##.##:443, the first has precedence, perhaps you need a NameVirtualHost directive
    When I tested I found that domain1.com and domain3.com both redirect to domain2.com when accessed as https...
    I reset everything back to the way it was initially and tried again with the same results.

    So now I'm stuck and don't know if I understood the setup or changes incorrectly or just messed up somewhere. I've been at this (including searching and research) for days now and I'm getting really frustrated over something that looks like it should be fairly straightforward.
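
The `[warn]` line quoted above says that when two VirtualHost blocks use the same address on port 443, the first one has precedence unless a NameVirtualHost directive covers that address. A way to find such blocks in a configuration file, as an added example that is not part of any post in this thread; the configuration fragment, its addresses and the function names are constructed for illustration:

```shell
# Added example, not from the thread. Reports SSL VirtualHost blocks that share
# an address:443, and which ServerName comes first (the one the [warn] line
# says has precedence when no NameVirtualHost directive covers that address).
# Assumes one address per <VirtualHost> line and one ServerName per block.
ssl_vhost_overlaps() {
    awk '
        { d = tolower($1) }
        d == "namevirtualhost" { nvh[$2] = 1 }
        d == "<virtualhost"    { addr = $2; sub(/>$/, "", addr); in_vh = 1 }
        d == "</virtualhost>"  { in_vh = 0 }
        in_vh && d == "servername" {
            if (++count[addr] == 1) first[addr] = $2
            names[addr] = names[addr] " " $2
        }
        END {
            for (a in count) {
                if (a !~ /:443$/ || count[a] < 2) continue
                if (a in nvh) printf "%s name-based:%s\n", a, names[a]
                else printf "%s OVERLAP first=%s all:%s\n", a, first[a], names[a]
            }
        }
    ' "$@" | sort
}

# Constructed httpd.conf fragment (documentation addresses, placeholder names).
sample_conf() {
    cat <<'EOF'
NameVirtualHost 192.0.2.20:443
<VirtualHost 192.0.2.10:443>
    ServerName domain2.com
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName domain1.com
</VirtualHost>
<VirtualHost 192.0.2.20:443>
    ServerName domain3.com
</VirtualHost>
<VirtualHost 192.0.2.20:443>
    ServerName domain4.com
</VirtualHost>
<VirtualHost 192.0.2.10:80>
    ServerName domain1.com
</VirtualHost>
EOF
}

sample_conf | ssl_vhost_overlaps
```

Run against a real file with `ssl_vhost_overlaps /usr/local/apache/conf/httpd.conf`; an `OVERLAP` line names the block that comes first for that address.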
     