How to install wildcard SSL?

Discussion in 'General Discussion' started by delphiman, Jul 10, 2012.

  1. delphiman

    delphiman Member

    Joined:
    Jan 4, 2007
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    I know this kind of question has been asked here many times, and I read through every single one of them and still do not understand how to do this at all.

    I basically have a VPS server with a hosting account that has 1 dedicated IP. This hosting account has domain.com and subdomain.domain.com that points to another folder in the public_html.

    So, I generated a CSR key for *.domain.com and purchased the SSL from Godaddy and got the certificate and bundle cert from Godaddy.

    Now, my question is how do I install the certs in WHM or Cpanel for both of my domain.com and subdomain.domain.com?

    Since both domain.com and subdomain.domain.com are on the same IP, do I need another IP for subdomain.domain.com? Because when I install for subdomain.domain.com I got this message

     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,622
    Likes Received:
    22
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Have you added *.domain.com to cPanel > Subdomains area first off? It has to exist for it to be used as a wildcard.

    Next, do you already have an SSL on domain.com? Is that the SSL that is the wildcard or a different SSL?
     
  3. delphiman

    delphiman Member

    Yes, I just added *.domain.com in the cpanel->subdomains

    The SSL is working fine with domain.com and yes it is a wildcard ssl

    What else do I need to do so that my subdomain.domain.com runs the same SSL?

    Thank you very much for your help
     
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    If you want it to use the same one, you'll have to manually do it. In /var/cpanel/userdata/username/ location copy domain.com_SSL to subdomain.domain.com_SSL and revise the paths to point to the subdomain. After doing that, then make a backup of Apache, rebuild it and restart it:

    Code:
    cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.bak120710
    /scripts/rebuildhttpdconf
    /etc/init.d/httpd restart
    You'll get a warning about duplicate entries, but it should still work.
     
  5. delphiman

    delphiman Member

    When I go to this directory /var/cpanel/userdata/username/ I see domain.com_SSL,v

    Is that the correct one that I need to copy to become subdomain.domain.com_SSL?
     
  6. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    No, that's a shadow copy. Do you not see domain.com_SSL at all? Run a find in /var/cpanel/userdata to find it:

    Code:
    find /var/cpanel/userdata -name domain.com_SSL
     
  7. delphiman

    delphiman Member

    I found it in /var/cpanel/userdata/nobody/domain.com_SSL

    Should I copy from there?
     
  8. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Can you cat the file contents for us to see it? That account does have a dedicated IP, right? Because it shouldn't have been installed under the username nobody if that's the case.
     
  9. delphiman

    delphiman Member

    The reason it has "nobody" in it is because, before I posted the first post of this thread, I searched this forum for some tips, and one of the tips from this forum recommended installing my certificate to the "nobody" account so that subdomains and main domain can be used. Did I do it wrong?

    Here is the cat of that file

    Thank you so much for your help.
     
  10. NetMantis

    NetMantis BANNED

    Joined:
    Apr 22, 2012
    Messages:
    117
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Utah
    cPanel Access Level:
    DataCenter Provider
    Along the same lines of what cPanelTristan asked you in the last message and also per what you said, does your server actually have any dedicated IPs at all? .... it's not 100% clear by what you said above.

    The reason I ask is because many VPS providers by default only give you 1 single IP address even though they should actually give you at the absolute barebones minimum at least 2 IPs minimum. You really do need that second IP address to be able to use SSL encryption.

    If you in fact only have 1 single IP address, as is the case with a lot of vps servers, then you actually don't have any dedicated IP addresses whatsoever and your single IP address is really your main shared IP, which works a bit differently than added dedicated IPs in the cpanel system, and not very good for SSL unless you are talking about a certificate for WHM itself.

    A single "main shared IP" can actually be manually rigged for SSL if you only have one web site on the server and no others but it's buggy at best that way and generally not recommended. I would strongly advise against trying to setup SSL under the primary shared IP of the server.

    For SSL, it is really necessary and highly recommended that each site using SSL encryption have its own unique IP address that is NOT THE SAME AS THE SERVER'S MAIN SHARED IP ADDRESS.

    The next item of discussion is your mentioning "WILDCARD SSL". Just to clarify and make sure we are talking about the same thing, wildcard DNS is where you can use SSL with your subdomains on a single cpanel account such as '*.domain.com'. Those types of SSL certificates are indeed available but they are quite expensive and generally cost 5 to 10 times the price of normal regular SSL certificates.

    If that is the type of certificate you purchased, you would be able to setup SSL for each of your subdomains but they would all need to be under the same Cpanel login which has the wildcard certificate installed under the primary domain name for the account.

    That is wrong. You would only do a setup like that if you were wanting Cpanel/WHM itself to have SSL or the main shared IP default site which could also use the archaic mod_userdir (~username) notation to access sites, which is probably what the person was thinking who you read who wrote the original recommendation to setup under "nobody" and "htdocs" so all sites could have SSL under a common base domain. That kind of setup is not really recommended as it opens several significant security issues in itself which would be a very lengthy discussion to explain.
     
    #10 NetMantis, Jul 11, 2012
    Last edited: Jul 11, 2012
  11. delphiman

    delphiman Member

    Yes, I do have 4 dedicated IPs. However, I used only 1 IP for this domain. This domain was running SSL just fine a few days ago. Since I need an SSL for my subdomain for this domain, I have to revoke my SSL on domain.com and get a new wildcard SSL so that I can use it for both domain.com and subdomain.domain.com.

    My big question from a newbie to you is do I need another IP for my subdomain.domain.com? or 1 IP can be used for both domain.com and subdomain.domain.com?

    Yes, I purchased Wildcard SSL from Godaddy. My subdomain is under same cpanel with my main domain

    Please help, thanks
     
  12. NetMantis

    NetMantis BANNED

    Unless you have a whole lot of subdomains you need to setup for SSL, I'd recommend you actually not do any of what you just said.

    If you only have a few subdomains, there is a much better and cheaper way to get that working.

    Instead of getting rid of your primary domain's SSL or spending a lot of money on wildcard SSL, I would put each subdomain on their own Cpanel account as the primary domain name, each on their own unique IP address and then buy a separate certificate for each subdomain name. This would also make it much easier to manage your web sites in the process as an added bonus.

    It is so much simpler managing sites on their own cpanel accounts than using the subdomain function from a single Cpanel account and also avoids potential software conflicts (WordPress is notorious for issues on subdomains) and simply purchasing several separate SSL certificates for subdomains is very often a lot cheaper than purchasing 1 single wildcard SSL certificate.

    The catch is of course that you would need a separate IP for each subdomain that you have so this method of setup would only be practical if you only have a small handful of subdomains needing to be setup for SSL encryption.

    If you have an unusually large number of subdomains, then the wildcard SSL would still be the way to go for larger volume of subdomain names but as I said .. expensive and sometimes a bit buggy under Cpanel.

    Now if you are just simply looking to get SSL working to your subdomains on a single Cpanel account, one real quick and easy way to do that is by just simply not using the subdomain name when in SSL mode. Instead of https://subdomain.domain.com when you need to link to SSL, set your SSL hyperlinks to go to https://www.domain.com/subdomain/ and use the base domain for SSL and the subdomain for non-SSL connections. That's another way that could be done as well without having to setup anything at all and not having to purchase any additional SSL certificates.

    EDIT: You said you already purchased a wildcard certificate and your SSL stopped working. Be advised when you generate a new certificate, the key used and subsequent CSR data generated must match what is on the server or SSL will be broken and won't work. Typically, you need to fully remove the previous certificate and related before you can install the new certificate. If there is a key mismatch though (common mistake) then the new certificate won't work.
     
    #12 NetMantis, Jul 11, 2012
    Last edited: Jul 11, 2012
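
The key/CSR/certificate match raised in the EDIT above can be checked before installing anything. This is an added example, not part of the thread: it compares the public key held in each file and, going one step beyond the post, asks which hostnames the certificate covers. The file names and the self-signed `*.domain.com` certificate are constructed test data; a CA-issued wildcard may also list the bare domain, which the same `covers` check would show.

```shell
#!/bin/sh
# Added example: do key, CSR and certificate belong together, and which
# hostnames does the wildcard certificate cover? All files are generated
# locally as constructed test data.

# pubkey KIND FILE: print the PEM public key held in a key, csr or cert file.
pubkey() {
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
    esac 2>/dev/null
}

# same_key KIND1 FILE1 KIND2 FILE2: true only if both files parse and
# carry the same public key (an unreadable file never counts as a match).
same_key() {
    a=$(pubkey "$1" "$2"); b=$(pubkey "$3" "$4")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# covers CERT HOST: true if the certificate is valid for HOST.
covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# make_demo DIR: key + CSR + self-signed cert for *.domain.com, plus an
# unrelated key standing in for a stale key left on the server.
make_demo() {
    openssl genrsa -out "$1/wild.key" 2048 2>/dev/null
    openssl req -new -key "$1/wild.key" -subj '/CN=*.domain.com' -out "$1/wild.csr"
    openssl req -new -x509 -key "$1/wild.key" -subj '/CN=*.domain.com' -days 1 -out "$1/wild.crt"
    openssl genrsa -out "$1/old.key" 2048 2>/dev/null
}

d=$(mktemp -d); make_demo "$d"
same_key key "$d/wild.key" cert "$d/wild.crt" && echo "wild.key matches wild.crt"
same_key key "$d/old.key"  cert "$d/wild.crt" || echo "old.key does NOT match wild.crt"
for h in subdomain.domain.com domain.com; do
    covers "$d/wild.crt" "$h" && echo "covers $h" || echo "does not cover $h"
done
rm -rf "$d"
```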
  13. delphiman

    delphiman Member

    @NetMantis,

    I fully understand what you said there and it was my poor decision to purchase wildcard SSL (expensive and hard to implement) and it was my poor decision to have both subdomain and primary domain under 1 cpanel account. I only have 1 subdomain and 1 primary domain. There will be no more subdomains besides the one I have.

    When I first started doing this thing, I thought that with wildcard SSL and with the primary domain and 1 subdomain, it should be an easy task to implement but it turns out to be too much to do.

    So as of now the situation is this:

    Primary domain and subdomain are under 1 cpanel account. I already purchased the wildcard SSL. I already installed SSL for primary domain and if I go to https://www.domain.com or https://domain.com, it is working just fine. If I go to https://subdomain.domain.com, it points me to public_html directory of the domain.com. If I go to http://subdomain.domain.com then it points to the right sub-directory in public_html.

    So right now I want to know how do I fix it so that if I go to https://subdomain.domain.com it points to the right sub-directory in public_html
     
  14. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Hello,

    Okay, since you've now noted this existing SSL isn't the one in question, you need to remove that SSL first. Go to WHM > SSL/TLS and select Manage SSL Hosts area. Remove the SSL there for this domain.

    Next, go to the Install a SSL Certificate and Setup the Domain area. Paste in your certificate from your provider and tab to the next section. Everything should fill out showing it as *.domain.com at that point. Once it has, install the certificate onto that username ensuring the right dedicated IP is showing.

    After you've properly installed it, then copy the SSL at /var/cpanel/userdata/username/*.domain.com_SSL to subdomain.domain.com_SSL and to domain.com_SSL for each to work. Change the paths appropriately. Run the commands I mentioned earlier.

    Thanks!
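
After the rebuild and restart described in this thread, the result can be checked by asking which DocumentRoot Apache has configured for a hostname on port 443. This is an added example, not part of the thread: when no SSL vhost names the host, Apache falls back to the first vhost on that IP and port, which is the behaviour reported for https://subdomain.domain.com. The IP 192.0.2.10, the /home/username paths and both config fragments are constructed, and the shape of the rebuilt vhost is an assumption.

```shell
#!/bin/sh
# ssl_docroot CONF HOST: print the DocumentRoot of the first :443 vhost whose
# ServerName or ServerAlias is HOST; print nothing when no SSL vhost names it.
ssl_docroot() {
    awk -v host="$2" '
        tolower($1) == "<virtualhost"   { ssl = ($2 ~ /:443>$/); hit = 0; root = ""; next }
        !ssl                            { next }
        tolower($1) ~ /^server(name|alias)$/ {
            for (i = 2; i <= NF; i++) if (tolower($i) == host) hit = 1
        }
        tolower($1) == "documentroot"   { root = $2 }
        tolower($1) == "</virtualhost>" { if (hit) { print root; exit } ssl = 0 }
    ' "$1"
}

# Constructed httpd.conf fragment: SSL exists for the primary domain only.
current_conf() {
cat <<'EOF'
<VirtualHost 192.0.2.10:80>
    ServerName subdomain.domain.com
    DocumentRoot /home/username/public_html/subdomain
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName domain.com
    ServerAlias www.domain.com
    DocumentRoot /home/username/public_html
    SSLEngine on
</VirtualHost>
EOF
}

# Assumed shape of the vhost that a copied and edited
# subdomain.domain.com_SSL userdata file produces after the rebuild.
subdomain_ssl_vhost() {
cat <<'EOF'
<VirtualHost 192.0.2.10:443>
    ServerName subdomain.domain.com
    DocumentRoot /home/username/public_html/subdomain
    SSLEngine on
</VirtualHost>
EOF
}

tmp=$(mktemp -d)
current_conf > "$tmp/before.conf"
{ current_conf; subdomain_ssl_vhost; } > "$tmp/after.conf"
echo "before: [$(ssl_docroot "$tmp/before.conf" subdomain.domain.com)]"
echo "after:  [$(ssl_docroot "$tmp/after.conf" subdomain.domain.com)]"
rm -rf "$tmp"
```

On a live server the first argument would be the rebuilt /usr/local/apache/conf/httpd.conf; an empty result for a hostname means no SSL vhost names it.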
     
  15. delphiman

    delphiman Member

    Hi all,

    First of all, I'd like to thank all of you for your extended help. I've learned so much on this particular topic from you.

    After much frustration, I have decided to separate my primary domain and my subdomain into two separate cpanel hosting accounts and each of them will have its own dedicated IP and will have its own SSL. This option is much faster and better to manage and cheaper than a wildcard SSL.

    Both of them are running good now. Thanks
     
  16. NetMantis

    NetMantis BANNED

    I am glad the information helped out .... you're welcome! :)
     