SSL dedicated IP to shared IP with SNI

Tom Risager

Well-Known Member
Jul 10, 2012
116
6
18
Copenhagen, Denmark
cPanel Access Level
Root Administrator
I have moved an account between two cPanel servers using the account transfer function in WHM.

This particular account has been using an SSL certificate with a dedicated IP on the old server. On the new server it is on a shared IP and it should continue to use the SSL certificate using SNI.

However, after completing the transfer, the SSL certificate for that particular account has now also become the certificate for all other accounts on the server (server hostname included). In other words, if I visit https://somedomain.com (which does not have an SSL certificate) I am presented with the certificate from the transferred account (and a warning that the certificate does not match the hostname).

I have tried uninstalling and reinstalling the certificate without success.

In WHM, if I open "Manage SSL Hosts", I see a message saying "Currently, there are no shared SSL certificates." If I try to share the certificate and then disable sharing, I get "Error deleting SSL certificate mytransferreddomain.com: No such file or directory"

Any help would be appreciated.
 

quietFinn

Well-Known Member
Feb 4, 2006
1,222
87
178
Finland
cPanel Access Level
Root Administrator
If you go to WHM-> SSL/TLS -> Manage SSL Hosts
you see that "Is Primary Website on IP Address?" for that domain is "Yes".
If the certificate is the only one on that IP address then I am afraid there is nothing you can do.
The normal configuration is that you have a certificate for your server's hostname, and you can set that certificate as the "Shared SSL Certificate" and the "Primary Website on IP Address".
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
Hello :)

You could generate a self-signed certificate for the hostname of the server, install it, and then make it the primary SSL certificate via:

"WHM Home » SSL/TLS » Manage SSL Hosts"

This will ensure the hostname of the server is used instead of the domain name as the default SSL certificate. The only other workaround is to assign a dedicated IP address to the account with the SSL certificate.

Thank you.