Godaddy UCC multiple Domain SSL and WHM

clk320

Member
Mar 9, 2012
cPanel Access Level
Root Administrator
Re: Generate CSR for godaddy UCC SSL for multiple domains having different

3) install the certificate using the "Install a SSL Certificate and Setup the Domain" tab in WHM. Paste in the certificate. WHM will auto fill the domain and user. Change the domain to www.domain1.com if not already set to that. Change the user to nobody, the IP address should be correctly set to the IP address of domain1.com.
What are the security implications of changing the user to nobody?

Thanks
 

MRaburn

Registered
Sep 20, 2006
I had read over this and attempted this, and all the while had wondered about using the same IP as some instructions had typed, it may have been in error. As I understand it, Apache requires a unique IP per port 443 instance.

I went through these solutions and found that I would get errors unless each domain was on a separate IP. So make sure you do this and it should work.

Some of the instructions said use same ip as domain1 for domain2, don't do this and all should work.

Each domain needs its OWN IP.

So when modifying the VIRTUAL HOST reqs be sure to change the IP as well to where the main non SSL domain is sitting, making sure it is on its own IP.
 

rezman

Well-Known Member
Feb 3, 2011
USA
cPanel Access Level
Root Administrator
I had read over this and attempted this, and all the while had wondered about using the same IP as some instructions had typed, it may have been in error. As I understand it, Apache requires a unique IP per port 443 instance.

I went through these solutions and found that I would get errors unless each domain was on a separate IP. So make sure you do this and it should work.

Some of the instructions said use same ip as domain1 for domain2, don't do this and all should work.

Each domain needs its OWN IP.

So when modifying the VIRTUAL HOST reqs be sure to change the IP as well to where the main non SSL domain is sitting, making sure it is on its own IP.
Few problems with this..

1. WHM only allows you to assign an IP to a Cpanel account, not a domain. If you have several addon domains added to the same Cpanel account then they all get the same IP address.

2. If you manually try to change the IP by editing configs then you risk those being reverted back by Cpanel rebuilding the configs OR if you have several people managing the Cpanel server, one of them might try to assign one of the IPs you manually set on Cpanel account A to some other account. Again rebuilding configs and breaking things.

I hope at some point Cpanel will allow you to assign an IP to a domain and not just an entire account.
 

Matthew271

Member
Jul 27, 2012
cPanel Access Level
Root Administrator
I followed these instructions. The code is listed below for my example2.com domain (Virtual Host Definition). Although Internet Explorer 9 still gives me a warning when I go to the site. What did I do wrong?

Code:
<VirtualHost 50.63.116.135:443>
    ServerName a2bbrokers.com
    ServerAlias a2bbrokers.com
    DocumentRoot /home/umtdirec/public_html
    ServerAdmin [email protected]
    UseCanonicalName Off
    CustomLog /usr/local/apache/domlogs/umtdirect.com combined
    CustomLog /usr/local/apache/domlogs/umtdirect.com-bytes_log "%{%s}t %I .\n%{%s}t %O ."
    ## User umtdirec # Needed for Cpanel::ApacheConf
    <IfModule mod_suphp.c>
        suPHP_UserGroup umtdirec umtdirec
    </IfModule>
    <IfModule !mod_disable_suexec.c>
        <IfModule !mod_ruid2.c>
            SuexecUserGroup umtdirec umtdirec
        </IfModule>
    </IfModule>
    <IfModule mod_ruid2.c>
        RUidGid umtdirec umtdirec
    </IfModule>
    ScriptAlias /cgi-bin/ /home/umtdirec/public_html/cgi-bin/
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/www.umtdirect.com.crt
    SSLCertificateKeyFile /etc/ssl/private/www.umtdirect.com.key
    SSLCACertificateFile /etc/ssl/certs/www.umtdirect.com.cabundle
    CustomLog /usr/local/apache/domlogs/umtdirect.com-ssl_log combined
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    <Directory "/home/umtdirec/public_html/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>

    # To customize this VirtualHost use an include file at the following location
    # Include "/usr/local/apache/conf/userdata/ssl/2/umtdirec/umtdirect.com/*.conf"

</VirtualHost>
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
somewhere over the rainbow
cPanel Access Level
Root Administrator
Is the domain a2bbrokers.com actually at /home/umtdirec/public_html location? If not, revise the /var/cpanel/userdata/username/a2bbrokers.com_SSL file to be the right paths for that domain for every instance where it has the umtdirec user.

Next, review the /var/cpanel/userdata/username/a2bbrokers.com_SSL file to have the /etc/ssl/private and /etc/ssl/certs listed as the domain it is. This is a UCC certificate, so it needs to point the domain name for the certificate (these should have been copied from the original www.umtdirect.com files for the cert following the prior post about how to install these).
 

Matthew271

Member
Jul 27, 2012
cPanel Access Level
Root Administrator
The original crt bundle domain name is umtdirect.com, and a2bbrokers is the alt domain. I have them installed. They do point to the same directory. They are also on the same IP address. I changed ServerName and ServerAlias to the a2bbrokers.com which is example2.com for the virtual host directory include file. Am I supposed to change anything else, because it still gives me a certificate error when I go to a2bbrokers.com?
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
somewhere over the rainbow
cPanel Access Level
Root Administrator
Yes, you need to change /var/cpanel/userdata/umtdirec/a2bbrokers.com_SSL to have the /etc/ssl/certs and /etc/ssl/private paths point to the a2bbrokers.com domain rather than the umtdirect.com domain as I stated in my second paragraph above. The information you posted shows it is pointing to the other domain. You need it to be pointing to the certs for this domain.

So basically, look for any instances in /var/cpanel/userdata/umtdirec/a2bbrokers.com_SSL of umtdirect.com and change every instance to a2bbrokers.com
 

Matthew271

Member
Jul 27, 2012
cPanel Access Level
Root Administrator
When I edit /var/cpanel/userdata/umtdirec/a2bbrokers_SSL and change umtdirect.com to a2bbrokers.com I get this error in WHM.

An error occurred while running: /usr/local/apache/bin/httpd -DSSL -t -f /usr/local/apache/conf/httpd.conf
Exit signal was: 0
Exit value was: 1
Output was:
---
Syntax error on line 24 of /usr/local/apache/conf/includes/post_virtualhost_2.conf: SSLCertificateFile: file '/etc/ssl/certs/www.a2bbrokers.com.crt' does not exist or is empty
---

Please Help. What am I doing wrong here?
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
somewhere over the rainbow
cPanel Access Level
Root Administrator
Did you copy the certificate for /etc/ssl/certs/www.umtdirect.com.crt to /etc/ssl/certs/www.a2bbrokers.com.crt as was instructed in my post on the prior page to do for the guide? I even mentioned it again on this page.

(these should have been copied from the original www.umtdirect.com files for the cert following the prior post about how to install these)
If you are going to have paths to an SSL certificate, the paths must be correct for a certificate that exists. You need to copy the certificate to match the domain name. All you have to do is this:

Code:
cp /etc/ssl/certs/www.umtdirect.com.crt /etc/ssl/certs/www.a2bbrokers.com.crt
cp /etc/ssl/certs/www.umtdirect.com.cabundle /etc/ssl/certs/www.a2bbrokers.com.cabundle
cp /etc/ssl/private/www.umtdirect.com.key /etc/ssl/private/www.a2bbrokers.com.key
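
A pre-flight check for the state described in the posts above, as an added example that is not part of the thread or of cPanel's tooling. It assumes the file passed in holds a single SSL VirtualHost block and that files follow the thread's www.<domain>.<ext> naming; the function names and the root-prefix argument are hypothetical. Run against the vhost posted earlier, it reports MISMATCH for all three directives.

```shell
#!/bin/sh
# Added example (not cPanel tooling). Source this file, then run:
#   check_vhost_ssl <file holding ONE SSL VirtualHost block> [root-prefix]
# root-prefix is a hypothetical convenience for checking a staged copy of /etc/ssl.

check_vhost_ssl() {
    conf=$1 root=${2:-} rc=0
    name=$(awk 'tolower($1)=="servername"{print $2; exit}' "$conf")
    [ -n "$name" ] || { echo "NO_SERVERNAME $conf"; return 2; }
    for d in SSLCertificateFile SSLCertificateKeyFile SSLCACertificateFile; do
        path=$(awk -v d="$d" 'tolower($1)==tolower(d){print $2; exit}' "$conf")
        [ -n "$path" ] || { echo "NO_DIRECTIVE $d"; rc=1; continue; }
        # Layout used in this thread: every file is named www.<ServerName>.<ext>
        case $(basename "$path") in
            "www.$name".*) ;;
            *) echo "MISMATCH $d $path is not named for $name"; rc=1 ;;
        esac
        # The condition httpd -t reports as "does not exist or is empty"
        [ -s "$root$path" ] || { echo "EMPTY_OR_ABSENT $d $path"; rc=1; continue; }
        # The copied private key must stay private: flag group/world read bits
        if [ "$d" = SSLCertificateKeyFile ] &&
           [ -n "$(find "$root$path" \( -perm -040 -o -perm -004 \))" ]; then
            echo "KEY_READABLE $path is group- or world-readable (chmod 600)"; rc=1
        fi
    done
    return "$rc"
}

# The two helpers below need the openssl CLI.
# True when the certificate lists exactly <hostname> as a DNS subjectAltName
# (wildcard entries are not expanded).
cert_covers() {   # cert_covers <crt> <hostname>
    openssl x509 -in "$1" -noout -text | tr ', ' '\n\n' | grep -Fqx "DNS:$2"
}

# True when the private key belongs to the certificate (public keys are equal).
key_matches() {   # key_matches <crt> <key>
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}
```

cert_covers is the check that matters for a UCC certificate: a browser warning on the alternate domain while the paths are correct usually means the name is not among the certificate's subjectAltName entries.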
 

pro-data

Registered
Mar 25, 2013
cPanel Access Level
Root Administrator
OK, I've spent the entire day trying every combination of all the posts (#10, #12, #14, and a few others) that say this is the procedure to get a 5 Domain GoDaddy UCC SSL Certificate to work, and I've had partial success. The problem I've got is if I try https://domain1.com, https://domain2.com, https://domain3.com I end up on a Default Page with this as a path /cgi-sys/defaultwebpage.cgi, but with what appears to be a Valid SSL Cert instead of the /home/username/public_html/ folder.

Can someone please compile all the pieces of these instructions into something that truly works without having to jump through all these hoops. I've copied the .key, .crt, .cabundle and _SSL files, renamed the domains and the users and the paths and Rebuilt/Restarted Apache. I'm about to lose my mind I think. Please Help!
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
somewhere over the rainbow
cPanel Access Level
Root Administrator
Hello,

Could you please clarify exactly what you've set in each file for us to see what you've done? We are going to need very specific details, including the contents of one of the domain.com_SSL files and the path for that file.

Thanks!