Godaddy UCC multiple Domain SSL and WHM

leeburstroghm

Registered
Dec 12, 2008
We have many store fronts on our whm server. A multiple domain SSL was purchased in the hopes of saving money when getting all the domains on our server to be ssl enabled.

Are the UCC Multiple domain godaddy SSL certs compatible with whm? How do we set it up?

Thanks for any help!!
 

handsonhosting

Well-Known Member
Feb 17, 2002
Omaha, NE
cPanel Access Level
Root Administrator
We had a user ask a similar question, and from everything I found it does not work.

From what I remember when the client was running this they were getting an SSL Overlap due to how Apache was built. I guess you could compile apache differently and it might work, but out of the box it didn't work for us or the client.
 

canadiancow

Active Member
Jul 7, 2003
This is still annoying me...

The subject name on my cert is example1.com, and I have an alt name example2.com.

https://www.example1.com works as expected
https://www.example2.com shows example1.com
https://www.example1.com/~example2 shows example2.com without any SSL errors
https://www.example2.com/~example2 shows example2.com without any SSL errors

Why is it so difficult :(

It was mentioned that this is an Apache issue. Can you only register one cert per IP, and does it then fork all incoming connections on that IP to the subject name, ignoring the actual request? Or is this just a configuration issue in WHM?

I'd really like to get this working properly.
 

sirdopes

Well-Known Member
PartnerNOC
Sep 25, 2007
As long as the cert is the same for all of the domains, you should be able to put them on the same ip. Apache is going to complain about an overlap but it should still start. They are just warnings. I am not sure if you can set them up in whm. I set this up manually the last time I did it.
 

canadiancow

Active Member
Jul 7, 2003
sirdopes said: "As long as the cert is the same for all of the domains, you should be able to put them on the same ip. Apache is going to complain about an overlap but it should still start. They are just warnings. I am not sure if you can set them up in whm. I set this up manually the last time I did it."
How do you set it up manually?
 

davidh

Registered
May 26, 2008
How do you go about setting it up manually in cPanel?

It would be great if you shared.

Thanks
 

goseese

Registered
Sep 2, 2010
Generate CSR for godaddy UCC SSL for multiple domains having different IP addresses

Here is how you do it.
1) After you purchase your UCC certificate and apply the credit, generate a CSR as normal from WHM for 1 domain. Use that CSR to generate your initial SSL. Let's call the initial domain www.domain1.com

It is very important that you keep your original key, you will need this later.

2) Once your initial domain name has been vetted download the certificate, select cPanel as the type.

3) Install the certificate using the "Install a SSL Certificate and Setup the Domain" tab in WHM. Paste in the certificate. WHM will auto fill the domain and user. Change the domain to www.domain1.com if not already set to that. Change the user to nobody; the IP address should be correctly set to the IP address of domain1.com

4) Paste in your original key; if you don't do this your certificate will say it's an invalid self signed cert.

5) Paste in the bundle in the space provided

6) Hit submit. That should complete domain1.com. Test it by going to https://domain1.com

7) Go back to godaddy, and navigate to the SSL area and manage the UCC certificate. Add a new domain (SANS) by typing the name in the field www.domain2.com and hit add, then hit manage.

8) After your new domain is vetted, go back to godaddy and download the new certificate, be sure to select the type cPanel.

9) Return to WHM "Install a SSL Certificate and Setup the Domain".

10) Paste in your downloaded certificate.

11) Change the domain name to your 2nd domain, in this case www.domain2.com.

12) Change the user to nobody

13) Change the IP address to the IP address of www.domain2.com

14) Paste in your original key (again important or it will be self signed)

15) Paste in the cert bundle you just downloaded

16) Hit submit and you should be done.

- Repeat this for every domain you want to add.
 

jonwatson

Well-Known Member
Apr 1, 2007
This totally does not work. As soon as you try to enter the second UCC, WHM errors out with:

[domain protected] is already configured for SSL on 184.106.220.195.
Only one SSL VirtualHost is allowed per IP address!

SSL Install aborted due to error.
What version of WHM are you using where this works?
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
somewhere over the rainbow
cPanel Access Level
Root Administrator
You could do this by doing the following outside of WHM:

1. Copy the initial SSL in /var/cpanel/userdata/nobody/domain.com_SSL location to /var/cpanel/userdata/username location

2. Change the domain to the new domain name for the file (so /var/cpanel/userdata/username/newdomain.com_SSL would be the new name).

3. Edit the file newdomain.com_SSL to change all instances of nobody to the username for that domain and then changing /usr/local/apache/htdocs to the actual document root (/home/username/public_html/).

4. Copy the /etc/ssl/certs/ files from domain.com.crt and domain.com.cabundle to newdomain.com.crt and newdomain.com.cabundle

5. Copy the /etc/ssl/private/ file from domain.com.key to newdomain.com.key

After making those changes, then rebuild and restart Apache:

Code:
cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.bak101030
/scripts/rebuildhttpdconf
/etc/init.d/httpd restart
It will complain about the multiple virtual host entries, but it will rebuild and should work regardless.
 

colonelclick

Registered
Aug 29, 2011
I have gone through these instructions precisely several times. When I get to the step for rebuilding Apache, it gives a message that it was rebuilt, but when I check the conf file, I do not see the new information that I would expect to be there for the second domain.

Can anyone shed light on this? Or do you have a paid service that can install our GoDaddy UCC for us?

Thanks.

Edit: I want to add that I was able to get it working by adding the lines in the conf by hand, but I am worried this will cause me to lose the changes next time cpanel rebuilds so I would like to get them into the proper flow.



lyndsaym

Registered
Sep 12, 2011
cPanel Access Level
Root Administrator
Thanks to all above who have contributed to this. You've all provided the info I needed to get this working, after several frustrating days.

colonelclick said: "Edit: I want to add that I was able to get it working by adding the lines in the conf by hand, but I am worried this will cause me to lose the changes next time cpanel rebuilds so I would like to get them into the proper flow."
I have a solution based on the posts above, that solves colonelclick's problem, and simplifies some of the method also, if you can't get it working entirely within WHM/cpanel:

Obtain, download and install a UCC certificate as described above, but including all the domains (Subject Alternate Names) you need. Quoting from goseese so it's all in one place:

{quote}
1) After you purchase your UCC certificate and apply the credit, generate a CSR as normal from WHM for 1 domain. Use that CSR to generate your initial SSL. Let's call the initial domain www.domain1.com

It is very important that you keep your original key, you will need this later.

2) Once your initial domain name has been vetted download the certificate, select cPanel as the type.

3) Install the certificate using the "Install a SSL Certificate and Setup the Domain" tab in WHM. Paste in the certificate. WHM will auto fill the domain and user. Change the domain to www.domain1.com if not already set to that. Change the user to nobody; the IP address should be correctly set to the IP address of domain1.com

4) Paste in your original key; if you don't do this your certificate will say it's an invalid self signed cert.

5) Paste in the bundle in the space provided

6) Hit submit. That should complete domain1.com. Test it by going to https://domain1.com

At that point, any attempts to access your VirtualHosts with https should send you to the primary domain of the SSL certificate.
{/quote}

Next:

1. Open your httpd.conf (/usr/local/apache/conf/httpd.conf) and copy the VirtualHost definition for your primary SSL VirtualHost to a text file. (You don't necessarily need to back it up, you're not going to change or save it.)

2. Edit the new file, copying the VirtualHost there for each other VirtualHost that you want to provide SSL for
- Change each reference to domain1.com to domain2.com, etc, EXCEPT for the references to the SSL certificate.
Leave those as they are, so you don't need to copy the certificate files anywhere else.
- Change the username and user group for the domain, the admin email address etc if necessary, etc.

3. Copy the file to your clipboard. Navigate to WHM/Apache configuration/Include editor. Go to the section "Post VirtualHost Include", select "All Apache versions", and paste your new file into the box there, and click update.

4. Restart Apache (either there in WHM, or by /etc/init.d/httpd restart). You should now have working SSL VirtualHosts for each one you defined in the include file. You'll have to maintain those by hand, but you haven't interfered with your primary SSL domain, or any of your http domains. And if you save a copy of the include file, you'll have a clean rollback position next time you change it.

One more hint, if you need to update the certificate later to include more SANs, and WHM refuses to clean out the old ones (as I found, and so did the many others whose frustrated postings I've read elsewhere), just download the new files, and replace them directly in /etc/ssl/certs/. As long as the filenames in the httpd.conf include file you created match, and the server key remains the same, all will be well :)
 

colonelclick

Registered
Aug 29, 2011
lyndsaym said: "3. Copy the file to your clipboard. Navigate to WHM/Apache configuration/Include editor. Go to the section "Post VirtualHost Include", select "All Apache versions", and paste your new file into the box there, and click update."
Awesome, great addition to this process that should help preserve changes.

lyndsaym said: "One more hint, if you need to update the certificate later to include more SANs, and WHM refuses to clean out the old ones (as I found, and so did the many others whose frustrated postings I've read elsewhere),"
I want to add that deleting these by hand is quite simple, you will see them cluttering up your /etc/ssl/certs/ and /etc/ssl/private/ paths with names matching the files in WHM. I just deleted them by hand and they disappeared from WHM.
 

hermes369

Member
Jan 2, 2009
lyndsaym said:
"1. Open your httpd.conf (/usr/local/apache/conf/httpd.conf) and copy the VirtualHost definition for your primary SSL VirtualHost to a text file. (You don't necessarily need to back it up, you're not going to change or save it.)
2. Edit the new file, copying the VirtualHost there for each other VirtualHost that you want to provide SSL for
- Change each reference to domain1.com to domain2.com, etc, EXCEPT for the references to the SSL certificate.
Leave those as they are, so you don't need to copy the certificate files anywhere else.
- Change the username and user group for the domain, the admin email address etc if necessary, etc."
Sorry for my noobishness; but, won't there be overlapping conf directives if one copies all of the stanzas from the default? Should one not just alter the existing httpd.conf file and run the distiller? Again, I apologize if I'm being ignorant.
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
somewhere over the rainbow
cPanel Access Level
Root Administrator
You should not directly edit the httpd.conf file itself for those VirtualHost directives. They are in /var/cpanel/userdata/username/domain.com or sub.domain.com location and should be edited there instead.
 

hermes369

Member
Jan 2, 2009
Thanks for the quick followup. I've followed the instructions; but, I'm getting nowhere fast. The path mentioned in my httpd.conf file is included at the bottom of the default domain's ssl stanza:

Code:
# To customize this VirtualHost use an include file at the following location
# Include "/usr/local/apache/conf/userdata/ssl/2/nobody/mydomain1.com/*.conf"
Should I create
Code:
userdata/ssl/2/mydomain2/mydomain2.org/
directories and include it in the Include Editor in Post VirtualHost Config?

I have tried the instructions from post #14 (I think it's 14) using Main >> Service Configuration >> Apache Configuration >> Include Editor >> Post VirtualHost Config but I still get directed to the "Default Web Site Page".

I appreciate your help. Thanks!
 

LRM67

Registered
Dec 14, 2011
cPanel Access Level
Root Administrator
This is a second attempt to add this post- it didn't show up the first time. So if it turns up twice, sorry - I'll delete one.

This just isn't working for me... hopefully someone can see why or give me further instructions.
My situation:
I have a main domain and two addon domains set up under one cPanel user and one dedicated IP.
I have a UCC from godaddy with the main domain as the first name and containing the other two domains (and some others I intend on moving over at later dates). The certificate is installed and works for the main domain - domain1.com.

I attempted to get domain2.com https accessible by following the instructions from post #12: copying, renaming and editing the files as mentioned there. Rebuilt and restarted. Then followed the instructions from post #14 to add it as a vhost include and restarted Apache.

It seemed to have worked but then I found domain1.com was now redirected to domain2.com when trying to access it with https.

Next I went through all the steps a second time for domain3.com... the restart now threw a warning
Code:
 [warn] VirtualHost ##.##.##.##:443 overlaps with VirtualHost ##.##.##.##:443, the first has precedence, perhaps you need a NameVirtualHost directive
When I tested I found that domain1.com and domain3.com both redirect to domain2.com when accessed as https...
I reset everything back to the way it was initially and tried again with the same results.

So now I'm stuck and don't know if I understood the setup or changes incorrectly or just messed up somewhere. I've been at this (including searching and research) for days now and I'm getting really frustrated over something that looks like it should be fairly straightforward.
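
The overlap warning quoted in the last post and the "same cert for all of the domains" condition mentioned earlier in the thread can both be checked before Apache is restarted. The following is an added example, not code from the thread or from cPanel: a Python check over a constructed Apache 2.2-style config that reports :443 VirtualHosts sharing an address with no matching NameVirtualHost line, vhosts pointing at different certificate files, and hostnames missing from an assumed SAN list. The address 192.0.2.10, the file names and the SAN set are placeholders.

```python
import re

# Constructed sample in Apache 2.2 syntax; address and file names are placeholders.
SAMPLE_CONF = """\
NameVirtualHost 192.0.2.10:80
<VirtualHost 192.0.2.10:443>
    ServerName domain2.com
    ServerAlias www.domain2.com
    SSLCertificateFile /etc/ssl/certs/domain1.com.crt
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName domain1.com
    SSLCertificateFile /etc/ssl/certs/domain1.com.crt
</VirtualHost>
"""

def parse_vhosts(conf):
    """Return (set of NameVirtualHost addresses, [(addr, names, cert)] in file order)."""
    nvh = set(re.findall(r"(?mi)^\s*NameVirtualHost\s+(\S+)", conf))
    vhosts = []
    for addr, body in re.findall(r"(?si)<VirtualHost\s+([^>\s]+)[^>]*>(.*?)</VirtualHost>", conf):
        names = []
        for args in re.findall(r"(?mi)^[ \t]*Server(?:Name|Alias)[ \t]+(.+)$", body):
            names += args.split()
        cert = re.search(r"(?mi)^[ \t]*SSLCertificateFile[ \t]+(\S+)", body)
        vhosts.append((addr, names, cert.group(1) if cert else None))
    return nvh, vhosts

def audit(conf, cert_sans):
    """List overlap, certificate and SAN-coverage problems for :443 vhosts."""
    nvh, vhosts = parse_vhosts(conf)
    groups = {}
    for vh in vhosts:
        if vh[0].endswith(":443"):
            groups.setdefault(vh[0], []).append(vh)
    findings = []
    for addr, members in groups.items():
        if len(members) > 1 and addr not in nvh:  # exact match only, no "*" handling
            first = (members[0][1] or ["(unnamed)"])[0]
            findings.append(f"{addr}: {len(members)} vhosts overlap, no NameVirtualHost; "
                            f"first ({first}) has precedence")
        if len({cert for _, _, cert in members}) > 1:
            findings.append(f"{addr}: vhosts reference different certificate files")
        for _, names, _ in members:  # exact-name comparison, as a UCC lists each host
            findings += [f"{addr}: {n} is not among the certificate SANs"
                         for n in names if n not in cert_sans]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF, {"domain1.com", "www.domain1.com", "domain2.com"})))
```

Pass the real SAN list from the issued certificate as `cert_sans`; an empty result means every :443 vhost on a shared address has a NameVirtualHost line, one certificate file, and only names the certificate covers.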