Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Godaddy UCC multiple Domain SSL and WHM

Discussion in 'General Discussion' started by leeburstroghm, Dec 12, 2008.

  1. clk320

    clk320 Member

    Joined:
    Mar 9, 2012
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    51
    cPanel Access Level:
    Root Administrator
    Re: Generate CSR for godaddy UCC SSL for multiple domains having different

    What are the security implications of changing the user to nobody?

    Thanks
     
  2. MRaburn

    MRaburn Registered

    Joined:
    Sep 20, 2006
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    151
    I had read over this and attempted this, and all the while had wondered about using the same IP as some instructions had typed, it may have been in error. As I understand is Apache requires a unique IP per port 443 instance.

    I went through these solutions and found that I would get errors unless each domain was on a seperate IP. So make sure you do this and it should work.

    Some of the instructions said use same ip as domain1 for domain2, don't do this and all should work.

    Each domain needs its OWN IP.

    So when modifying the VIRTUAL HOST reqs be sure to change the IP as well to where the main non SSL domain is sitting, making sure it is on its own IP.
     
  3. rezman

    rezman Well-Known Member

    Joined:
    Feb 3, 2011
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    56
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    Few problems with this..

    1. WHM only allows you to assign an IP to a Cpanel account, not a domain. If you have several addon domains added to the same Cpanel account then they all get the same IP address.

    2. If you manually try to change the IP by editing configs then you risk those being reverted back by Cpanel rebuilding the configs OR if you have several people managing the Cpanel server, one of them might try to assign one of the IPs you manually set on Cpanel account A to some other account. Again rebuilding configs and breaking things.

    I hope at some point Cpanel will allow you to assign an IP to a domain and not just an entire account.
     
  4. Matthew271

    Matthew271 Member

    Joined:
    Jul 27, 2012
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I followed these instructions. The code is listed below for my example2.com domain (Virtual Host Definition). Although Internet Explorer 9 still gives me a warning when I go to the site. What did I do wrong?

    Code:
    <VirtualHost 50.63.116.135:443>
        ServerName a2bbrokers.com
        ServerAlias a2bbrokers.com
        DocumentRoot /home/umtdirec/public_html
        ServerAdmin webmaster@domain.com
        UseCanonicalName Off
        CustomLog /usr/local/apache/domlogs/umtdirect.com combined
        CustomLog /usr/local/apache/domlogs/umtdirect.com-bytes_log "%{%s}t %I .\n%{%s}t %O ."
        ## User umtdirec # Needed for Cpanel::ApacheConf
        <IfModule mod_suphp.c>
            suPHP_UserGroup umtdirec umtdirec
        </IfModule>
        <IfModule !mod_disable_suexec.c>
            <IfModule !mod_ruid2.c>
                SuexecUserGroup umtdirec umtdirec
            </IfModule>
        </IfModule>
        <IfModule mod_ruid2.c>
            RUidGid umtdirec umtdirec
        </IfModule>
        ScriptAlias /cgi-bin/ /home/umtdirec/public_html/cgi-bin/
        SSLEngine on
    
        SSLCertificateFile /etc/ssl/certs/www.umtdirect.com.crt
        SSLCertificateKeyFile /etc/ssl/private/www.umtdirect.com.key
            SSLCACertificateFile /etc/ssl/certs/www.umtdirect.com.cabundle
        CustomLog /usr/local/apache/domlogs/umtdirect.com-ssl_log combined
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
        <Directory "/home/umtdirec/public_html/cgi-bin">
            SSLOptions +StdEnvVars
        </Directory>
    
        # To customize this VirtualHost use an include file at the following location
        # Include "/usr/local/apache/conf/userdata/ssl/2/umtdirec/umtdirect.com/*.conf"
    
    </VirtualHost>
     
  5. cPanelTristan

    cPanelTristan Quality Assurance Analyst Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,606
    Likes Received:
    33
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Is the domain a2bbrokers.com actually at /home/umtdirec/public_html location? If not, revise the /var/cpanel/userdata/username/a2bbrokers.com_SSL file to be the right paths for that domain for every instance where it has the umtdirec user.

    Next, review the /var/cpanel/userdata/username/a2bbrokers.com_SSL file to have the /etc/ssl/private and /etc/ssl/certs listed as the domain it is. This is a UCC certificate, so it needs to point the domain name for the certificate (these should have been copied from the original /http://www.umtdirect.com files for the cert following the prior post about how to install these).
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. Matthew271

    Matthew271 Member

    Joined:
    Jul 27, 2012
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    The original crt bundle domain name is umtdirect.com, and a2bbrokers is the alt domain. I have them installed. They do point to the same directory. They are also on the same IP address. I changed ServerName and ServerAlias to the a2bbrokers.com which is example2.com for the virtual host directory include file. Am I suppose to change anything else, because it still gives me a certificate error when I go to a2bbrokers.com?
     
  7. cPanelTristan

    cPanelTristan Quality Assurance Analyst Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,606
    Likes Received:
    33
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Yes, you need to change /var/cpanel/userdata/umtdirec/a2bbrokers.com_SSL to have the /etc/ssl/certs and /etc/ssl/private paths point to the a2bbrokers.com domain rather than the umtdirect.com domain as I stated in my second paragraph above. The information you posted shows it is pointing to the other domain. You need it to be pointing to the certs for this domain.

    So basically, look for any instances in /var/cpanel/userdata/umtdirec/a2bbrokers.com_SSL of umtdirect.com and change every instance to a2bbrokers.com
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. Matthew271

    Matthew271 Member

    Joined:
    Jul 27, 2012
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    This might be a dumb question, but how do I access /var/cpanel/userdata/umtdirec/a2bbrokers.com_SSL through Putty so I can make the necessary changes?
     
  9. Matthew271

    Matthew271 Member

    Joined:
    Jul 27, 2012
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    When I edit /var/cpanel/userdata/umtdirec/a2bbrokers_SSL and change umtdirect.com to a2bbrokers.com I get this error in WHM. An error occurred while running: /usr/local/apache/bin/httpd -DSSL -t -f /usr/local/apache/conf/httpd.conf Exit signal was: 0 Exit value was: 1 Output was: --- Syntax error on line 24 of /usr/local/apache/conf/includes/post_virtualhost_2.conf: SSLCertificateFile: file '/etc/ssl/certs/www.a2bbrokers.com.crt' does not exist or is empty --- Please Help. What am I doing wrong here?
     
  10. cPanelTristan

    cPanelTristan Quality Assurance Analyst Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,606
    Likes Received:
    33
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Did you copy the certificate for /etc/ssl/certs/www.umtdirect.com.crt to /etc/ssl/certs/www.a2bbrokers.com.crt as was instructed in my post on the prior page to do for the guide? I even mentioned it again on this page.

    If you are going to have paths to an SSL certificate, the paths must be correct for a certificate that exists. You need to copy the certificate to match the domain name. All you have to do is this:

    Code:
    cp /etc/ssl/certs/www.umtdirect.com.crt /etc/ssl/certs/www.a2bbrokers.com.crt
    cp /etc/ssl/certs/www.umtdirect.com.cabundle /etc/ssl/certs/www.a2bbrokers.com.cabundle
    cp /etc/ssl/private/www.umtdirect.com.key /etc/ssl/private/www.a2bbrokers.com.key
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  11. pro-data

    pro-data Registered

    Joined:
    Mar 25, 2013
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    OK, I've spent the entire day trying every combination of all the posts (#10, #12, #14, and a few others) that say this is the procedure to get a 5 Domain GoDaddy UCC SSL Certificate to work, and I've had partial success. The problem I've got is if I try https://domain1.com, https://domain2.com , https://domain3.com I end up on a Default Page with this as a path /cgi-sys/defaultwebpage.cgi, but with what appears to be a Valid SSL Cert instead of the /home/username/public_html/ folder.

    Can someone please compile all the pieces of these instructions into something that truly works without having to jump through all these hoops. I've copied the .key, .crt, .cabundle and _SSL files, renamed the domains and the users and the paths and Rebuilt/Restarted Apache. I'm about to loose my mind I think. Please Help!
     
  12. cPanelTristan

    cPanelTristan Quality Assurance Analyst Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,606
    Likes Received:
    33
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you please clarify exact what you've set in each file for us to see what you've done? We are going to need very specific details, including the contents of one of the domain.com_SSL files and the path for that file.

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice