SOLVED Help Installing Multiple SSL Certificates on a single IP

[madtownlems]

Hello!

I have been struggling with this for weeks, and finally created an account here to hopefully get this resolved.

We are running WordPress Multisite, serving multiple domains from the same instance of WordPress (so, all under one cpanel account).

Examples:
bar.foo.edu
sample.blogs.foo.edu
example.org

We have two wildcard certificates: *.foo.edu, and *.blogs.foo.edu. We're willing to purchase additional SSL certificates for things like example.org.

I'm under the impression that I should be able to install multiple SSL certificates on the account / IP that they share, and the server can use SNI to determine which certificate to use based on which domain is being accessed.

We're running CENTOS 6.9 x86_64 standard

Is my understanding correct, and that this should be viable? Could someone help me understand how to actually install multiple SSL certificates to this single account/IP?

Thank you!

 

[cPanelMichael]

Is my understanding correct, and that this should be viable? Could someone help me understand how to actually install multiple SSL certificates to this single account/IP?

Hello,

When installing the SSL certificate for the subdomain, you should first browse to the "SSL/TLS" option in cPanel. Then, click on the "Manage SSL Sites" option. Click on "Browse Certificates" and choose your wildcard certificate so that certificate data is populated in the open fields. Then, change the domain name field to the specific subdomain you are installing the wildcard certificate on and proceed to click on "Install Certificate".

Thank you.

 

[madtownlems]

Trying to follow your advice, I've done the following:

"Install an SSL Certificate on a Domain"

Browse Certificates.

Selected my *.foo.edu certificate

Change the domain to be "sample.foo.edu"

And I get the following error:

The domain “sample.foo.edu” is not managed on this server. You must specify an IP address to install SSL for “sample.foo.edu” or set up this domain on a new account, or create it as parked domain, a subdomain, or an addon domain of an existing account, and try again.

Currently, sample.foo.edu is set as an A Record to point at the same IP used by a different account: sample.bar.foo.edu
So sample.foo.edu IS pointing at the server, IS serving content from the server, even though there is no account associated with it on the server.

 

[cPanelMichael]

Hello,

Since you are installing the SSL certificate on a different IP address, try installing it through WHM instead:

"WHM Home » SSL/TLS » Install an SSL Certificate on a Domain"

Ensure to enter the IP address associated with the account the subdomain is serving it's content from.

Thank you.

 

[madtownlems]

> Since you are installing the SSL certificate on a different IP address,

I'm actually not installing the SSL certificate on a different IP address: all of the above domains use the same account and same IP address.

Let me try to ask a simplified question and see if the solution gives me enough to go on.

I want two wildcard certs: *.foo.edu and *.bar.foo.edu

I would like to install both wildcard certificates on the same cpanel account, on the same IP.

I have created an account with the domain:
sub.bar.foo.edu and installed the *.bar.foo.edu ssl certificate: ssl works great

I'd like sub.foo.edu to point at the same IP, and use the exact same webroot as sub.bar.foo.edu. To do this, I've Parked sub.foo.edu on top of sub.bar.foo.edu. Accessing that URL shows me the content from the document root as expected, but SSL does not function because the certificate doesn't match.

If I install the *.foo.edu certificate on the domain, SSL works when accessing via the sub.foo.edu, however, SSL no longer works when accessed via sub.bar.foo.edu. If I re-install the *.bar.foo.edu SSL certificate, it flip flops. It doesn't seem to want to have BOTH wildcard certs on at the same time.

Thank you so much for taking the time to help

 

[cPanelMichael]

To do this, I've Parked sub.foo.edu on top of sub.bar.foo.edu.

This is likely what's leading to the issue you have described. Parked domains (aliases) cannot have their own separate SSL certificate because they do not have their own Virtual Host. You would have to remove the domain name as a parked domain and add it as an addon domain to allow for the installation of it's own SSL certificate.

Thank you.

 

[madtownlems]

> You would have to remove the domain name as a parked domain and add it as an addon domain to allow for the installation of it's own SSL certificate.

I believe I've finally got it working. Thank you so much.

 

[cPanelMichael]

Hello,

I'm glad to see that helped. Thank you for updating us with the outcome.