The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL Certificate on a Shared IP

Discussion in 'General Discussion' started by peterk92, Jan 25, 2011.

  1. peterk92

    peterk92 Member

    Joined:
    Nov 14, 2005
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    So I have a VPS through Daily.co.uk and they say I have to install the SSL certificate on the primary IP before they will give me a dedicated IP. They say this is due to RIPE issuing restrictions, they say that its possible or in their words,

    So does anyone know how to install a SSL certificate for my domain on a shared IP?
     
  2. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Joined:
    Feb 25, 2010
    Messages:
    1,842
    Likes Received:
    18
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    To install a shared SSL certificate, in the WebHost Manager, click Main >> SSL/TLS >> Install a SSL Certificate and Setup the Domain. Paste in the certificate, key and CA bundle if you have one. In the User field, enter nobody. This must be nobody if you are installing a certificate on a shared IP address. If you enter an account username, the installation will fail.

    Note that once installed, this certificate will be used by every site on the shared IP address.
     
  3. peterk92

    peterk92 Member

    Joined:
    Nov 14, 2005
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    But thats a point I want to install a SSL certificate just for one domain. Not a shared certificate,
     
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Hello,

    The issue here is that a shared IP is shared by all domains on the machine. You can install the SSL onto the user nobody and still use an individual domain, but any user going to https://anotherdomain.com will pull up the site of the user's domain that has the SSL. So, basically, here is what happens:

    1. You install the certificate for thisdomain.com on the shared IP as the user nobody
    2. All sites are on that IP, so anyone hitting https (which is on port 443) will pull up https://thisdomain.com site content even when using https://anothersite.com (they will show their domain in a browser but the content of the https://thisdomain.com site)

    You cannot share an IP and still have the SSL only work on one domain name. Everyone is going to be able to see that other site on https. You have to have a dedicated IP for only that user to show https:// for their domain name.

    Most hosts will let you purchase an additional IP, and any host running Apache is going to have this same issue with a shared IP showing the content for the one domain for all other sites when loading https in a browser.

    Now, if you do not care if other sites load the one domain and only care if the one domain works for https, you would need to take one further step to get it working on the shared IP. In root SSH after installing as the user nobody, you'd need to do the following:

    Code:
    cp /var/cpanel/userdata/nobody/thisdomain.com_SSL /var/cpanel/userdata/username/thisdomain.com_SSL
    Replace thisdomain.com with the domain name and username with the cPanel username of the account. At that point, you'd then open up the file at /var/cpanel/userdata/username/thisdomain.com_SSL after backing it up:

    Code:
    cp /var/cpanel/userdata/username/thisdomain.com_SSL /var/cpanel/userdata/username/thisdomain.com_SSL.bak
    vi /var/cpanel/userdata/username/thisdomain.com_SSL
    Then edit the following lines (these are taken out of order as there are other lines that I am not showing which do not need to be edited):

    Code:
    documentroot: /home/username/public_html/
    group: username
    homedir: /home/username
    user: username
    As previously, replace username with the cPanel username.

    To replace the httpd.conf (Apache configuration) file with the new content, then you'd run these commands to backup httpd.conf, rebuild it and restart it:

    Code:
    cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.bak110125
    /scripts/rebuildhttpdconf
    /scripts/restartsrv_httpd
    Thanks.
     
Loading...

Share This Page