HTTPS Links for Sites Without AutoSSL Redirecting to Site With AutoSSL?

[linux4me2]

I have one site, call it domainwithAutoSSL.com, on a shared IP address set up with AutoSSL. HTTPS is working just fine on that site. None of the other sites on that shared IP address have AutoSSL.

DomainwithAutoSSL.com happens to be a WordPress test site, and I was testing WordFence on it. I noticed that in WordFence's Live Traffic, other sites on the server that share the same IP address were showing up in the logs. All the URLs were HTTPS URLs that various search 'bots were testing.

If I try to browse to one of the HTTPS URLs that's erroneously showing up in the Live Traffic logs, I'm not redirected to domainwithAutoSSL.com. I'm taken to the correct domain and see the expected "Your connection is not secure" message from Firefox, so redirect issues don't seem to be the problem.

I found this post on WordFence's support site, which suggested the problem was with the virtual hosts on my managed VPS. I contacted my web host, and they say that there is no problem with the virtual host setup. They think the issue is with AutoSSL, and suggested I activate AutoSSL on all the sites on that IP, or just use it on domains that have dedicated IP addresses.

Now, it's my impression from reading the docs that AutoSSL should work just fine on a shared IP address, and redirects from non-AutoSSL sites using HTTPS URLs would not be an issue. Is there something I'm missing?

 

[linux4me2]

I take it back, if I go to one of the non-AutoSSL sites and bypass the security warning, I am taken to domainwithAutoSSL.com, so it appears you have to either be using a dedicated IP address or have to enable AutoSSL for all the sites on a shared IP. Bummer.

So is that the way it's supposed to work, or is something broken?

 

[cPanelMichael]

Hello,

This is answered on the following document:

My certificate installed, but visitors who try to securely access other sites on the shared IP address can only see the site with an installed SSL certificate, not my default domain.

Let us know if you have any additional questions.

Thank you.

 

[linux4me]

Thank you, Michael.

So if you want to use AutoSSL on a shared IP and avoid HTTPS URLs for unsecured sites from redirecting to a secured site on that IP, you need to either:

1. Make sure all domains and subdomains on the shared IP have valid AutoSSL certificates.
2. Follow the instructions in the document article you linked to above. (Which looks to my inexperienced eyes like it won't work if each domain on the shared IP has its own AutoSSL cert because the code snippet points to a single certificate.)

It seems to me that if I have a spare IP address on the server, the best thing to do is to move all the sites I want to secure with SSL to that IP address, or to continue to use a dedicated IP for each SSL site as I did before AutoSSL?

 

[cPanelMichael]

It seems to me that if I have a spare IP address on the server, the best thing to do is to move all the sites I want to secure with SSL to that IP address, or to continue to use a dedicated IP for each SSL site as I did before AutoSSL?

Hello,

Yes, this is the best course of action if changing an account's IP address is a viable option on your server. Otherwise, like you mentioned, you would need to ensure each domain name uses it's own SSL certificate.

Thank you.

 

[linux4me]

Hello,

Yes, this is the best course of action if changing an account's IP address is a viable option on your server. Otherwise, like you mentioned, you would need to ensure each domain name uses it's own SSL certificate.

Thank you.

I'm afraid I'm overlooking something. Why wouldn't changing an account's IP address be a viable option if I have an extra IP I can use just for AutoSSL domains?

 

[cPanelMichael]

I'm afraid I'm overlooking something. Why wouldn't changing an account's IP address be a viable option if I have an extra IP I can use just for AutoSSL domains?

Hello,

It is in-fact an option you can use to address the issue. In some cases, administrators do not have access to more than one IP address on the server.

Thanks!