Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SOLVED Help Installing Multiple SSL Certificates on a single IP

Discussion in 'Security' started by madtownlems, Aug 21, 2017.

Tags:
  1. madtownlems

    madtownlems Member

    Joined:
    Aug 21, 2017
    Messages:
    5
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Madison, WI
    cPanel Access Level:
    Root Administrator
    Hello!

    I have been struggling with this for weeks, and finally created an account here to hopefully get this resolved.

    We are running WordPress Multisite, serving multiple domains from the same instance of WordPress (so, all under one cpanel account).

    Examples:
    bar.foo.edu
    sample.blogs.foo.edu
    example.org

    We have two wildcard certificates: *.foo.edu, and *.blogs.foo.edu. We're willing to purchase additional SSL certificates for things like example.org.

    I'm under the impression that I should be able to install multiple SSL certificates on the account / IP that they share, and the server can use SNI to determine which certificate to use based on which domain is being accessed.

    We're running CENTOS 6.9 x86_64 standard

    Is my understanding correct, and that this should be viable? Could someone help me understand how to actually install multiple SSL certificates to this single account/IP?

    Thank you!
     
    #1 madtownlems, Aug 21, 2017
    Last edited by a moderator: Aug 21, 2017
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,165
    Likes Received:
    1,371
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    When installing the SSL certificate for the subdomain, you should first browse to the "SSL/TLS" option in cPanel. Then, click on the "Manage SSL Sites" option. Click on "Browse Certificates" and choose your wildcard certificate so that certificate data is populated in the open fields. Then, change the domain name field to the specific subdomain you are installing the wildcard certificate on and proceed to click on "Install Certificate".

    Thank you.
     
  3. madtownlems

    madtownlems Member

    Joined:
    Aug 21, 2017
    Messages:
    5
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Madison, WI
    cPanel Access Level:
    Root Administrator
    Trying to follow your advice, I've done the following:

    "Install an SSL Certificate on a Domain"

    Browse Certificates.

    Selected my *.foo.edu certificate

    Change the domain to be "sample.foo.edu"

    And I get the following error:

    The domain “sample.foo.edu” is not managed on this server. You must specify an IP address to install SSL for “sample.foo.edu” or set up this domain on a new account, or create it as parked domain, a subdomain, or an addon domain of an existing account, and try again.

    Currently, sample.foo.edu is set as an A Record to point at the same IP used by a different account: sample.bar.foo.edu
    So sample.foo.edu IS pointing at the server, IS serving content from the server, even though there is no account associated with it on the server.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,165
    Likes Received:
    1,371
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Since you are installing the SSL certificate on a different IP address, try installing it through WHM instead:

    "WHM Home » SSL/TLS » Install an SSL Certificate on a Domain"

    Ensure to enter the IP address associated with the account the subdomain is serving it's content from.

    Thank you.
     
  5. madtownlems

    madtownlems Member

    Joined:
    Aug 21, 2017
    Messages:
    5
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Madison, WI
    cPanel Access Level:
    Root Administrator
    > Since you are installing the SSL certificate on a different IP address,

    I'm actually not installing the SSL certificate on a different IP address: all of the above domains use the same account and same IP address.

    Let me try to ask a simplified question and see if the solution gives me enough to go on.

    I want two wildcard certs: *.foo.edu and *.bar.foo.edu

    I would like to install both wildcard certificates on the same cpanel account, on the same IP.

    I have created an account with the domain:
    sub.bar.foo.edu and installed the *.bar.foo.edu ssl certificate: ssl works great

    I'd like sub.foo.edu to point at the same IP, and use the exact same webroot as sub.bar.foo.edu. To do this, I've Parked sub.foo.edu on top of sub.bar.foo.edu. Accessing that URL shows me the content from the document root as expected, but SSL does not function because the certificate doesn't match.

    If I install the *.foo.edu certificate on the domain, SSL works when accessing via the sub.foo.edu, however, SSL no longer works when accessed via sub.bar.foo.edu. If I re-install the *.bar.foo.edu SSL certificate, it flip flops. It doesn't seem to want to have BOTH wildcard certs on at the same time.

    Thank you so much for taking the time to help
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,165
    Likes Received:
    1,371
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    This is likely what's leading to the issue you have described. Parked domains (aliases) cannot have their own separate SSL certificate because they do not have their own Virtual Host. You would have to remove the domain name as a parked domain and add it as an addon domain to allow for the installation of it's own SSL certificate.

    Thank you.
     
  7. madtownlems

    madtownlems Member

    Joined:
    Aug 21, 2017
    Messages:
    5
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Madison, WI
    cPanel Access Level:
    Root Administrator
    > You would have to remove the domain name as a parked domain and add it as an addon domain to allow for the installation of it's own SSL certificate.

    I believe I've finally got it working. Thank you so much.
     
    cPanelMichael likes this.
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,165
    Likes Received:
    1,371
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    I'm glad to see that helped. Thank you for updating us with the outcome.
     
Loading...

Share This Page