The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL dedicated IP to shared IP with SNI

Discussion in 'General Discussion' started by Tom Risager, Sep 16, 2013.

  1. Tom Risager

    Tom Risager Well-Known Member

    Joined:
    Jul 10, 2012
    Messages:
    107
    Likes Received:
    3
    Trophy Points:
    18
    Location:
    Copenhagen, Denmark, Denmark
    cPanel Access Level:
    Root Administrator
    I have moved an account between two cPanel servers using the account transfer function in WHM.

    This particular account has been using an SSL certificate with a dedicated IP on the old server. On the new server it is on a shared IP and it should continue to use the SSL certificate using SNI.

    However, after completing the transfer, the SSL certificate for that particular account has now also become the certificate for all other accounts on the server (server hostname included). In other words, if I visit https://somedomain.com (which does not have an SSL certificate) I am presented with the certificate from the transferred account (and a warning that the certificate does not match the hostname).

    I have tried uninstalling and reinstalling the certificate without success.

    In WHM, if I open "Manage SSL Hosts", I see a message saying "Currently, there are no shared SSL certificates." If I try to share the certificate and then disable sharing, I get "Error deleting SSL certificate mytransferreddomain.com: No such file or directory"

    Any help would be appreciated.
     
  2. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    If you go to WHM-> SSL/TLS -> Manage SSL Hosts
    you see that "Is Primary Website on IP Address?" for that domain is "Yes".
    If the certificate is the only one on that IP address then I am afraid there is nothing you can do.
    The normal configuration is that you have a certificate for your server's hostname, and you can set that certificate as the "Shared SSL Certificate" and the "Primary Website on IP Address".
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    You could generate a self-signed certificate for the hostname of the server, install it, and then make it the primary SSL certificate via:

    "WHM Home » SSL/TLS » Manage SSL Hosts"

    This will ensure the hostname of the server is used instead of the domain name as the default SSL certificate. The only other workaround is to assign a dedicated IP address to the account with the SSL certificate.

    Thank you.
     
  4. Tom Risager

    Tom Risager Well-Known Member

    Joined:
    Jul 10, 2012
    Messages:
    107
    Likes Received:
    3
    Trophy Points:
    18
    Location:
    Copenhagen, Denmark, Denmark
    cPanel Access Level:
    Root Administrator
    Thanks for your responses, I must have misunderstood that aspect of the SNI feature.
    Tom
     
Loading...

Share This Page