SSL and VirtualHost

[Framoh76]

Hi There,

i've setup 2 virtualhosts on Apache 2.4 for 2 subdomains. The 2 vhosts are responding ok but not with SSL secured.

I've created a Let's encrypt certificate for the domain and using WHM Install an SSL Certificate on a domain , i'm trying to install the SSL on the domain and also on the subdomain....
Once done, it says that my domain is now secured , but accessing it from outside using a web browser, i still have a message stating my site is not secured.

I've restarted apache, rebooted the server....

What i'm missing ?

 

[cPRex]

Hey there! It sounds like you've done everything right, especially if you are getting a positive confirmation on the "Install an SSL Certificate on a Domain" page in WHM. It might be good to manually check the Apache configuration file at /etc/apache2/conf/httpd.conf to ensure the 443 secure vhost is being created there. Other than that, there isn't much testing advice I can offer without knowing the domain name.

Is it possible your local browser has cached the non-SSL data? Could you try from a different network, such as a phone, to see if that changes the behavior?

 

[Framoh76]

Hi many thanks for your reply.

I've just tried from my mobile phone, but same problem....

 

[Framoh76]

I've just checked and the VirtualHost are inside the /etc/apache2/conf/httpd.conf


<VirtualHost 1.2.3.4:443>
ServerName domain.com
ServerAlias domain.com
DocumentRoot /var/www/html
ServerAdmin [email protected]domain.com
UseCanonicalName Off

## User nobody # Needed for Cpanel::ApacheConf
<IfModule userdir_module>
<IfModule !mpm_itk.c>
<IfModule !ruid2_module>
<IfModule !mod_passenger.c>
UserDir disabled
UserDir enabled nobody
</IfModule>
</IfModule>
</IfModule>
</IfModule>

# Enable backwards compatible Server Side Include expression parser for Apache versions >= 2.4.
# To selectively use the newer Apache 2.4 expression parser, disable SSILegacyExprParser in
# the user's .htaccess file. For more information, please read:
# mod_include - Apache HTTP Server Version 2.4
<IfModule mod_include.c>
<Directory "/var/www/html">
SSILegacyExprParser On
</Directory>
</IfModule>


<Proxymatch ^https?://127\.0\.0\.12082|2083|2077|2078|2079|2080|2086|2087|2095|2096)/>
<IfModule security2_module>
SecRuleEngine Off
</IfModule>
</Proxymatch>

<IfModule mod_suphp.c>
suPHP_UserGroup nobody nobody
</IfModule>

<IfModule alias_module>
ScriptAlias /cgi-bin/ /var/www/html/cgi-bin/
</IfModule>
<IfModule ssl_module>
SSLEngine on

SSLCertificateFile /var/cpanel/ssl/apache_tls/domain.com/combined

SSLUseStapling off
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
<Directory "/var/www/html/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
</IfModule>





Include "/etc/apache2/conf.d/userdata/ssl/2_4/nobody/domain.com/*.conf"




# To customize this VirtualHost use an include file at the following location
# Include "/etc/apache2/conf.d/userdata/ssl/2_4/nobody/domain.com/*.conf"

</VirtualHost>
<VirtualHost 51.210.251.155:443>
ServerName domain.com
ServerAlias domain.com
DocumentRoot /var/www/html
ServerAdmin [email protected]
UseCanonicalName Off

## User nobody # Needed for Cpanel::ApacheConf
<IfModule userdir_module>
<IfModule !mpm_itk.c>
<IfModule !ruid2_module>
<IfModule !mod_passenger.c>
UserDir disabled
UserDir enabled nobody
</IfModule>
</IfModule>
</IfModule>
</IfModule>


# Enable backwards compatible Server Side Include expression parser for Apache versions >= 2.4.
# To selectively use the newer Apache 2.4 expression parser, disable SSILegacyExprParser in
# the user's .htaccess file. For more information, please read:
# mod_include - Apache HTTP Server Version 2.4
<IfModule mod_include.c>
<Directory "/var/www/html">
SSILegacyExprParser On
</Directory>
</IfModule>


<Proxymatch ^https?://127\.0\.0\.12082|2083|2077|2078|2079|2080|2086|2087|2095|2096)/>
<IfModule security2_module>
SecRuleEngine Off
</IfModule>
</Proxymatch>

<IfModule mod_suphp.c>
suPHP_UserGroup nobody nobody
</IfModule>

<IfModule alias_module>
ScriptAlias /cgi-bin/ /var/www/html/cgi-bin/
</IfModule>
<IfModule ssl_module>
SSLEngine on

SSLCertificateFile /var/cpanel/ssl/apache_tls/domain.com/combined

SSLUseStapling off
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
<Directory "/var/www/html/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
</IfModule>

# To customize this VirtualHost use an include file at the following location
# Include "/etc/apache2/conf.d/userdata/ssl/2_4/nobody/domain.com/*.conf"

</VirtualHost>

 

[cPRex]

Thanks for those details - I probably should have specified that it's best to not include the details publicly for security reasons, so I edited that last post.

I do also see a self-signed certificate on my end as well. If you don't have any additional tools, such as Cloudflare or Nginx, it would be best to get a ticket opened with our team so we can check that directly and see what the issue could be. If you do create a ticket, please post the number here so I can follow that and keep everyone updated with the progress.