SOLVED Server hostname is resolving to a customers site when using HTTPS

mikefromnz

Active Member
Feb 9, 2017
32
5
8
New Zealand
cPanel Access Level
Root Administrator
Got a strange issue going on with my server. The hostname for example sake is server.example.com

When I use a web browser, and navigate to http:// server.example.com I get the default page "defaultwebpage.cgi" which is perfect

If I then use HTTPS:// server.example.com I see the contents of one of my customers pages (a totally separate hosting account in WHM) I also get a certificate error saying that server.example.com is not authorised to use mycustomerssite.com's SSL cert.

Any ideas?
 
Last edited by a moderator:

Jcats

Well-Known Member
PartnerNOC
May 25, 2011
806
156
168
New Jersey
cPanel Access Level
DataCenter Provider
Its because the server uses SNI, any non SSL domains will automatically load using the SSL of the first virtualhost in apache conf that reside on the same IP.

What you can do is, generate a self signed certificate, unless you already have a signed certificate for the hostname, OR if you are using AutoSSL you should already have an SSL generated for server.example.com but its only installed on cPanel services, not on port 443.

Go into WHM:

Home » SSL/TLS » Install an SSL Certificate on a Domain

In the "Domain:" field, put in server.example.com and click Autofill. If you already have a cert for the hostname, then it will autofill, then click Install.

Now go to:

Home » SSL/TLS » Manage SSL Hosts

scroll down to server.example.com and click "Make Primary".

Now anytime someone goes to the HTTPS for a site that does NOT have an SSL installed, it will go to your cPanel default page instead of bringing up someone else's website.

Hope this helps!
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,224
463
Hello,

The instructions in the previous post should help. Let us know if you encounter any difficulties or have additional questions.

Thanks!
 

mikefromnz

Active Member
Feb 9, 2017
32
5
8
New Zealand
cPanel Access Level
Root Administrator
Its because the server uses SNI, any non SSL domains will automatically load using the SSL of the first virtualhost in apache conf that reside on the same IP.

What you can do is, generate a self signed certificate, unless you already have a signed certificate for the hostname, OR if you are using AutoSSL you should already have an SSL generated for server.example.com but its only installed on cPanel services, not on port 443.
You literally are a genius, thank you so much! perfect instructions and immediately solved the issue, awesome!!!!
 
  • Like
Reactions: cPanelMichael