The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

HTTPS Links for Sites Without AutoSSL Redirecting to Site With AutoSSL?

Discussion in 'Security' started by linux4me2, Sep 19, 2016.

Tags:
  1. linux4me2

    linux4me2 Well-Known Member

    Joined:
    Aug 21, 2015
    Messages:
    81
    Likes Received:
    14
    Trophy Points:
    8
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    I have one site, call it domainwithAutoSSL.com, on a shared IP address set up with AutoSSL. HTTPS is working just fine on that site. None of the other sites on that shared IP address have AutoSSL.

    DomainwithAutoSSL.com happens to be a WordPress test site, and I was testing WordFence on it. I noticed that in WordFence's Live Traffic, other sites on the server that share the same IP address were showing up in the logs. All the URLs were HTTPS URLs that various search 'bots were testing.

    If I try to browse to one of the HTTPS URLs that's erroneously showing up in the Live Traffic logs, I'm not redirected to domainwithAutoSSL.com. I'm taken to the correct domain and see the expected "Your connection is not secure" message from Firefox, so redirect issues don't seem to be the problem.

    I found this post on WordFence's support site, which suggested the problem was with the virtual hosts on my managed VPS. I contacted my web host, and they say that there is no problem with the virtual host setup. They think the issue is with AutoSSL, and suggested I activate AutoSSL on all the sites on that IP, or just use it on domains that have dedicated IP addresses.

    Now, it's my impression from reading the docs that AutoSSL should work just fine on a shared IP address, and redirects from non-AutoSSL sites using HTTPS URLs would not be an issue. Is there something I'm missing?
     
  2. linux4me2

    linux4me2 Well-Known Member

    Joined:
    Aug 21, 2015
    Messages:
    81
    Likes Received:
    14
    Trophy Points:
    8
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    I take it back, if I go to one of the non-AutoSSL sites and bypass the security warning, I am taken to domainwithAutoSSL.com, so it appears you have to either be using a dedicated IP address or have to enable AutoSSL for all the sites on a shared IP. Bummer.

    So is that the way it's supposed to work, or is something broken?
     
  3. linux4me

    linux4me Member

    Joined:
    Jul 14, 2007
    Messages:
    20
    Likes Received:
    1
    Trophy Points:
    1
    Thank you, Michael.

    So if you want to use AutoSSL on a shared IP and avoid HTTPS URLs for unsecured sites from redirecting to a secured site on that IP, you need to either:
    1. Make sure all domains and subdomains on the shared IP have valid AutoSSL certificates.
    2. Follow the instructions in the document article you linked to above. (Which looks to my inexperienced eyes like it won't work if each domain on the shared IP has its own AutoSSL cert because the code snippet points to a single certificate.)
    It seems to me that if I have a spare IP address on the server, the best thing to do is to move all the sites I want to secure with SSL to that IP address, or to continue to use a dedicated IP for each SSL site as I did before AutoSSL?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    Yes, this is the best course of action if changing an account's IP address is a viable option on your server. Otherwise, like you mentioned, you would need to ensure each domain name uses it's own SSL certificate.

    Thank you.
     
    linux4me2 likes this.
  5. linux4me

    linux4me Member

    Joined:
    Jul 14, 2007
    Messages:
    20
    Likes Received:
    1
    Trophy Points:
    1
    I'm afraid I'm overlooking something. Why wouldn't changing an account's IP address be a viable option if I have an extra IP I can use just for AutoSSL domains?
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    It is in-fact an option you can use to address the issue. In some cases, administrators do not have access to more than one IP address on the server.

    Thanks!
     
    linux4me2 likes this.
Loading...

Share This Page