So frustrated with wildcard cert / subdomains

Discussion in 'General Discussion' started by P_W, Aug 4, 2013.

  1. P_W

    P_W Active Member

    I have a project I'm working on that uses dynamic subdomains that are parsed by code vs handled in separate folders in Apache. I've done this lots of times, but this is the first time I actually want to use a cert to handle secure transactions.

    So, I bought a wildcard cert and tried to install it, only 11.34.1.26 didn't seem to know what to do with it and all the work-around instructions I found required defining all the subdomains manually, which completely defeats the purpose. In a post on a cPanel feature request board, I saw that 11.38.1 was supposed to support wildcards.

    So, after pulling my hair out trying to figure out why 11.34 wouldn't upgrade to 11.38 (ended up being due to a MySQL quirk), I finally got 11.38 installed, only it still won't let me install the wildcard on the defined IP.

    I get the error: "The IP address 'xx.xx.xx.xx' is not available, or you do not have permission to use it."

    So, after juggling IP addresses around, I managed to set up the prior dedicated IP as a reseller IP and only assigned the prior domain to it, which then the cert allows me to install. Only, http://ww5.mydomain.com works fine, but https://ww5.mydomain.com points to the "default website page" screen.

    What am I missing?

    Looking over the release notes, I see that I may have to upgrade to CentOS 6 to gain this functionality :(

    Can anyone enlighten me? Am I just completely missing something obvious? I don't want to manually configure subdomains and I don't want separate directories. Just the SSL capability.

    Thank you in advance!
     
    #1 P_W, Aug 4, 2013
    Last edited: Aug 4, 2013
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    The issue here is that you are attempting to install multiple certificates on the same IP address. This feature is not natively supported unless you are using version 6 of CentOS/Red Hat/CloudLinux on cPanel 11.38 or higher.

    I recommend migrating the accounts to a system that uses one of these operating systems if possible. This will allow for the use of the SNI feature, which supports multiple certificates on the same IP address. This may be easier than attempting to use manual workarounds (e.g. Wildcard SSL Workaround) to install multiple certificates on the same IP address.

    Note that you would still install each certificate individually. So, instead of installing an SSL certificate for "*.domain.com", you would install the same certificate for each specific subdomain that requires SSL.

    Thank you.
     
  3. P_W

    P_W Active Member

    cPanelMichael > Thank you for your reply!

    Just clarifying, if I upgrade to CentOS 6, is installing on each subdomain still required? I really need the flexible subdomain capability without me having to create the subdomains for each use. Is this possible?
     
  4. P_W

    P_W Active Member

    Ok, this is bizarre, but I think I just figured it out on my own completely by chance. I'm not sure why this works, but thankfully it does, and hopefully this helps someone in the future.

    (1) I first set up an account with a dedicated IP, but set up the IP for sharing as a reseller but only leave the one account (not sure if this matters).

    (2) Now, I use a 3rd party DNS host so I don't know if this matters with internal cPanel DNS, but set up your *.mydomain.com and point it at your dedicated IP address.

    (3) Using my *.mydomain.com wildcard cert & the new 11.38 SSL tool, I pasted it into the "certificate" field and used the nifty "autofill" tool to fill in the rest.

    (4) Now, it's sneaky and tries to install on *.mydomain.com - I edited this field to just mydomain.com. It'll also try and auto-discover the IP; pick the dedicated "shared" IP from the first step.

    (5) Click "install" and the behind-the-scenes magic happens. Now if you go to https://goober.mydomain.com it works! I dynamically process the subdomains, but you could just as easily use an .htaccess to point them to whatever sub-folder you like.
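
A check for the setup described in this thread, as an added example that is not part of the original posts or of cPanel's tooling: a `*.mydomain.com` certificate matches exactly one label, so it covers `goober.mydomain.com` but not the bare `mydomain.com` unless that name is also listed in the certificate's SAN. The function names and the constructed SAN lists are assumptions; `presented_dns_names` needs network access to your own server and shows which certificate is served for a given SNI name.

```python
import socket
import ssl


def name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: '*' may only be the whole left-most label
    and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Reject over-broad patterns such as '*.com'.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def covered(san_dns_names, hostname: str) -> bool:
    """True if any DNS name in the certificate's SAN list covers hostname."""
    return any(name_matches(n, hostname) for n in san_dns_names)


def presented_dns_names(ip: str, sni_name: str, port: int = 443, timeout: float = 5.0):
    """Connect to ip, send sni_name in the ClientHello and return the DNS SANs
    of the certificate the server presents for that name.
    The chain is still verified, so an untrusted or self-signed default
    certificate raises ssl.SSLCertVerificationError, itself a useful signal."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # name comparison is done by covered() instead
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni_name) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


if __name__ == "__main__":
    # Constructed SAN lists; real CAs differ on whether the bare domain is included.
    wildcard_only = ["*.mydomain.com"]
    wildcard_plus_apex = ["*.mydomain.com", "mydomain.com"]
    for host in ("goober.mydomain.com", "ww5.mydomain.com",
                 "mydomain.com", "a.b.mydomain.com"):
        print(f"{host:22} wildcard only: {covered(wildcard_only, host)!s:5} "
              f"with apex SAN: {covered(wildcard_plus_apex, host)}")
```

To test a live server, pass the dedicated IP and the hostname to `presented_dns_names` and feed the result to `covered`; a `False` result means the server is serving a different certificate for that SNI name.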
     