Multidomain SSL & post_virtualhost_2.conf

[ehask71]

I had a thread back in 2017 where I was installing a multidomain SSL .... It is a SaaS app one codebase many domains. Well the time has come to update the SSL and for some reason post_virtualhost_2.conf has disappeared. The SSL is working for all the domains still but I cant for the life of me figure out how ...... Of course I dont have a backup of the post_virtualhost_2.conf so I guess I will be winging it hence my post

Anyway I am going to create a new CSR and get a new certificate is there a better way for me to set this up many domains on one account using the same webroot and a multidomain SSL

Here was my post from 2017 when I set it up originally
the SOLVED - SaaS Application & Multidomain SSL

Eric

 

[cPanelMichael]

Hello Eric,

We made some changes in cPanel & WHM version 68 that may relate to your customization. Here are the relevant sections from the Version 68 Release Notes:

SSL storage modification
In cPanel & WHM version 68, we redesigned the datastore for Apache’s SSL certificates and converted the database to SQLite. The new system dramatically increases the speed of SSL management and Apache-restart-times on servers that host large numbers of SSL certificates.

This update could potentially break the following two operations:

1. Custom Apache virtual host templates no longer receive the vhost.sslcertificatekeyfile variable or the vhost.sslcertificatefile variable. Instead, custom templates load all resources via the vhost.sslcertificatefile variable.
2. The contents of a virtual host’s YAML file in the /var/cpanel/userdata/ directory no longer determine the location of a virtual host’s SSL certificate. The system ignores any custom SSL path values in these files.

Custom SSL template configuration
In cPanel & WHM version 68, we disable any .local file templates that are incompatible with the new SSL certificate-loading logic. We rename these files during the upgrade.

Warnings:

• We strongly recommend that you back up any .local template customizations before you upgrade to cPanel & WHM version 68.
• If you use the /var/cpanel/templates/apache2_4/ssl_vhost.local file to override the default SSL configuration template, you must merge the changes back into the /var/cpanel/templates/apache2_4/ssl_vhost.local file after you upgrade. If you do not merge the changes, you will lose all of your customizations.
• For more information, read our Custom Templates documentation.

The certificate data for the installed SSL certificates is found in the /var/cpanel/ssl/apache_tls/ directory.

Anyway I am going to create a new CSR and get a new certificate is there a better way for me to set this up many domains on one account using the same webroot and a multidomain SSL

Are these domains hosted on the cPanel server? If so, have you considered using the AutoSSL feature? It would automatically install a signed SSL certificate for each individual domain and subdomain that resolves to the cPanel server.

Thank you.

 

[ehask71]

Hello Eric,

We made some changes in cPanel & WHM version 68 that may relate to your customization. Here are the relevant sections from the Version 68 Release Notes:



The certificate data for the installed SSL certificates is found in the /var/cpanel/ssl/apache_tls/ directory.



Are these domains hosted on the cPanel server? If so, have you considered using the AutoSSL feature? It would automatically install a signed SSL certificate for each individual domain and subdomain that resolves to the cPanel server.

Thank you.

Well that sucks cause my systems update automatically ...... lesson learned now I have to figure out how to rebuild my virthosts ... weird part is the system is still working even after the post_virthost files have vanished

The customers point the A records to the IP of the account with the SaaS code. Hence the reason for adding post_virthost so I do not think AutoSSL would work. Unless there is a way to host it and have each domain use the same webroot

Its one code base that selects data based on the domain making the call to the code

Different campuses but 1 codebase

 

[cPanelMichael]

Hello @ehask71,

The customers point the A records to the IP of the account with the SaaS code. Hence the reason for adding post_virthost so I do not think AutoSSL would work. Unless there is a way to host it and have each domain use the same webroot

Are these accounts and domains all hosted on the same cPanel server? If so, is the cPanel server used to manage the DNS for these domains?

Thank you.

 

[ehask71]

Yes we host the main domain [removed]

 

[cPanelMichael]

Hello @ehask71,

AutoSSL might be a viable option with the addition of DNS-based DCV in cPanel & WHM version 74:

In cPanel & WHM version 74, we added DNS-based Domain Control Validation (DCV), which the server automatically runs if HTTP-based DCV fails. DNS-based DCV provides an additional method for cPanel & WHM servers to prove domain control to certificate authorities. This new method will significantly improve SSL issuance rates and reduce AutoSSL notifications.

If the DNS for all of the domain names you want SSL certificates installed on is handled by the cPanel server, then AutoSSL should be able to issue certificates for them.

Thank you.

 

[ehask71]

This system is not always going to host the domains ...... the customers can create a A record pointing to the Main domain on our server. In this case currently we host the main domain. I need to know then how I can setup accounts to allow them to share a webroot ....

Domain 1 Domain 2
| |
| |
\ /

lunch.farsighted.com
(Hosted Domain)
|
|

/home/lunchfarsight/www

Domains can number many more ...... So if there is a way for me to create the virthosts and add SSL please enlighten me

 

[cPanelMichael]

Hello @ehask71,

There might be an alternative that integrates better with cPanel & WHM. Can you provide some more insight into why multiple accounts need to share the same document root, or some more information about the setup overall?

Thank you.