whipworks

Well-Known Member
Aug 19, 2014
192
11
68
cPanel Access Level
Reseller Owner
Hey guys,

Not sure which category this falls into. Site redirects to another site.

There's no redirect that we can find on both accounts. There's no update done on the site as far as I see. But for some reason when we hit the site url, it shows a certificate warning of another url. Thus when you go to advance and proceed, it goes to another website.

Going to thisdomain.ca > shows up certificate warning saying the certificate is being used by or assigned to another site anotherdomain.ca > hit advanced and proceed > goes to the said site anotherdomain.com

Only thing they have the same is that they are sitting on the same server. The site in question has no ssl. Both made through wordpress. We have no access to their wordpress accounts. Has anyone heard of this issue?
 

ffeingol

Well-Known Member
PartnerNOC
Nov 9, 2001
723
285
363
cPanel Access Level
DataCenter Provider
This will always happen if you go to a site https and the site does not have a certificate. Apache does not know what to do, so it gives you the first site in the configuration with a valid SSL. The solution is to get a cert issued for that site.
 
  • Like
Reactions: cPRex

whipworks

Well-Known Member
Aug 19, 2014
192
11
68
cPanel Access Level
Reseller Owner
Thank you for your reply guys

This will always happen if you go to a site https and the site does not have a certificate. Apache does not know what to do, so it gives you the first site in the configuration with a valid SSL. The solution is to get a cert issued for that site.
First time that this happened. There's a lot of domains on the server that doens't have ssl, but this is the only one that is having this issue.

Have you checked if the site has a HTTPS redirect? in the htaccess or database?
Nothing on htaccess
 

ffeingol

Well-Known Member
PartnerNOC
Nov 9, 2001
723
285
363
cPanel Access Level
DataCenter Provider
First time that this happened. There's a lot of domains on the server that doens't have ssl, but this is the only one that is having this issue.
Just to verify, are the sites without SSL certs being accessed with http or https? Can you try to access them with https and see what happens.
 

whipworks

Well-Known Member
Aug 19, 2014
192
11
68
cPanel Access Level
Reseller Owner
Just to verify, are the sites without SSL certs being accessed with http or https? Can you try to access them with https and see what happens.
Just http. even if you just put domainname.ca it redirects to the other site that has an ssl. I think there's a redirect somewhere, like Diego said, but I couldn't find it.
 

Spirogg

Well-Known Member
Feb 21, 2018
700
155
43
chicago
cPanel Access Level
Root Administrator
Not sure. But was reading in cPanel docs ports that each service uses and found this

To disable insecure logins via this port and only allow SSL logins, set the Choose the closest matched domain for which that the system has a valid certificate when redirecting from non-SSL to SSL URLs. Formerly known as “Always redirect to SSL/TLS” setting to On in WHM’s Tweak Settings interface (WHM >> Home >> Server Configuration >> Tweak Settings). This will redirect users to secure ports with the /cpanel, /whm, and /webmail aliases.

Not sure if this would affect anything as what you have going on ?
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
11,053
1,748
363
cPanel Access Level
Root Administrator
There is definitely an https redirect happening somewhere, or else the SSL warning would not show up at all when you visit just the domain name. If you're not seeing this in any .htaccess files, it's likely to be in WordPress itself, as the siteurl value could have been configured to use https from the very initial installation.

@Spirogg - no, that wouldn't be related as that only covers cPanel, WHM, and Webmail access - not individual domain content.
 
  • Like
Reactions: Spirogg

whipworks

Well-Known Member
Aug 19, 2014
192
11
68
cPanel Access Level
Reseller Owner
I believe @ffeingol nailed it, especially due to this:



Once you get an SSL working on that site you likely will not experience this issue.
This is the first time this happened though. Like I said, they have had no ssl for the longest time and had no issues with this. Other account on the server have no ssl and has no issues. To be honest I think there's like only 5-8 account that I know of that has ssl and others have none. The server has atleast 90+ accounts on it. Only one is having this issue.
 

whipworks

Well-Known Member
Aug 19, 2014
192
11
68
cPanel Access Level
Reseller Owner
Not sure. But was reading in cPanel docs ports that each service uses and found this

To disable insecure logins via this port and only allow SSL logins, set the Choose the closest matched domain for which that the system has a valid certificate when redirecting from non-SSL to SSL URLs. Formerly known as “Always redirect to SSL/TLS” setting to On in WHM’s Tweak Settings interface (WHM >> Home >> Server Configuration >> Tweak Settings). This will redirect users to secure ports with the /cpanel, /whm, and /webmail aliases.

Not sure if this would affect anything as what you have going on ?
Thanks for the reply. I turned that off, but it still calls out https
 
  • Like
Reactions: Spirogg

whipworks

Well-Known Member
Aug 19, 2014
192
11
68
cPanel Access Level
Reseller Owner
There is definitely an https redirect happening somewhere, or else the SSL warning would not show up at all when you visit just the domain name. If you're not seeing this in any .htaccess files, it's likely to be in WordPress itself, as the siteurl value could have been configured to use https from the very initial installation.

Thanks Rex. I'll check with the site owner. Don't have access to their wordpress.
 
  • Like
Reactions: cPRex

whipworks

Well-Known Member
Aug 19, 2014
192
11
68
cPanel Access Level
Reseller Owner
@cPRex we assigned an ssl on it using auto ssl from cpanel. The site shows up now, but it still says it's not secured. Even when I checked the ssl information that the cert is from cpanel and issued today.
 

whipworks

Well-Known Member
Aug 19, 2014
192
11
68
cPanel Access Level
Reseller Owner
Since you already accepted the certificated warning before, you likely need to clear your browser's cache or history for that site, or try a different browser completely to see if it's working well.
Done that already with multiple browsers. Same thing, Show the padlock but with the exclamation point warning not verified. But when you view the information of the certificate, it shows cpanel registered.

Usually, you'll know the certificate is okay when you run your mouse on the padlock and it will say verified by cpanel inc.
 

Diego Piquero

Member
Jan 13, 2022
22
3
3
España
cPanel Access Level
Root Administrator
Done that already with multiple browsers. Same thing, Show the padlock but with the exclamation point warning not verified. But when you view the information of the certificate, it shows cpanel registered.

Usually, you'll know the certificate is okay when you run your mouse on the padlock and it will say verified by cpanel inc.
Perhaps mixed content so it's secured but loading insecure images/resources forces the browser to show it unsecure. Also, if you have access to php my admin, check the table wp_options, it may have something as "https:// domain.ca" in two options, which forces the https redirect.
 
  • Like
Reactions: cPRex

whipworks

Well-Known Member
Aug 19, 2014
192
11
68
cPanel Access Level
Reseller Owner
Perhaps mixed content so it's secured but loading insecure images/resources forces the browser to show it unsecure. Also, if you have access to php my admin, check the table wp_options, it may have something as "https:// domain.ca" in two options, which forces the https redirect.
Yes Diego. We found some images that is http and not https. Also some links. We told them to fix that. Thank you guys for your input and time :)
 
  • Like
Reactions: cPRex

whipworks

Well-Known Member
Aug 19, 2014
192
11
68
cPanel Access Level
Reseller Owner
@whipworks - at this point it might be best to create a ticket with our team so we can check the site directly. If you are able to create a ticket, please post the number here so I can follow along.
Question, wouldn't the ssl certificate convert all images that are not http to https?