SSL Question on Shared Host Using SNI

Discussion in 'Security' started by johni, Apr 3, 2018.

  1. johni

    johni Registered

    This might be a bit of a different question than most, but I am concerned with something my shared host might be doing and they don't appear to be competent enough to actually answer it.

    I've been using shared hosting at Hostgator for years. Since the push for HTTPS by Google, I decided to make the switch. I purchased a DV SSL (Comodo PositiveSSL from SSLs.com) that is supposed to secure a single domain on one of my websites. Hostgator is still a decade behind, so not only do they not allow Let's Encrypt, but they also force you to get them to install the SSL for you (for a fee).

    Anyway, everything is working fine and my site is secured over HTTPS now. But here's the problem: I recently created another website on this shared host/server and noticed that it too, by default after installing WordPress, was using the same SSL certificate under the HTTPS version of itself.

    Hostgator uses SNI. But I was under the impression that SNI allows for multiple sites to use multiple SSLs on the same server/IP, not for one SSL to be universally applied to all websites on that server. Also, my SSL certificate clearly states it's for a single domain, so I am wondering why it is being applied to multiple domains? When I say applied, I mean any new WordPress site I create on this server that I set up as HTTPS will automatically have that SSL certificate applied to it.

    Is this how SNI works? Or did Hostgator mess something up? The last thing I want is for two separate sites to somehow be sharing the same SSL certificate when it's only registered and supposed to be applied to one domain. Again, it's a single-domain SSL certificate, not a multiple.

    Thanks
     
  2. Jcats

    Jcats Well-Known Member

    It means your site with the SSL installed is the default SSL installed on that IP, so any site that does NOT have an SSL installed will automatically load the virtual host of the default site that has an SSL installed on that same IP. That's how SNI works.

    So you have 2 options:

    1. Install an SSL on your new site. $$
    2. Install a self-signed SSL on the new site, no cost, but anyone going to the site will see the SSL warning page since it's not a signed SSL, but if they click through, they will see the correct site, whereas right now they would basically see the content of the SSL site on your domain with no SSL.

    Well, another option would be: put your sites with an SSL on one IP, and your non-SSL sites on another shared IP (just make sure you don't install an SSL on any of these sites; if you do, move it to your other shared IP for SSLs).

    Or find a host that offers LE for free and doesn't force you to purchase an SSL AND also turn around and charge you to install it, absurd in my opinion.
     
  3. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Hello,

    The advice provided here by @Jcats is correct. @johni, please let us know if you have any further questions on this!


    Thank you,
     
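The fallback described in the replies above, as an added example that is not part of any post in this thread: `select_cert` models the default-SSL-vhost behaviour Jcats describes, and `covers` applies the hostname check a browser makes against the certificate it receives. The hostnames `shop.example` and `blog.example` and the `VHOSTS` table are constructed sample data; `fetch_cert` is an optional live variant for auditing your own domains.

```python
import socket
import ssl

def cert_dns_names(cert):
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert()."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, host):
    """Exact match, or a wildcard covering exactly the left-most label."""
    pattern, host = pattern.lower(), host.lower().rstrip(".")
    if pattern.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == host

def covers(cert, host):
    return any(name_matches(n, host) for n in cert_dns_names(cert))

def select_cert(vhosts, default_name, sni):
    """Model of the behaviour described in the thread: a name with no
    certificate of its own gets the IP's default SSL virtual host."""
    return vhosts.get(sni.lower(), vhosts[default_name])

def audit(vhosts, default_name, hosts):
    """Map each hostname to (names on the cert it is served, covered?)."""
    out = {}
    for h in hosts:
        cert = select_cert(vhosts, default_name, h)
        out[h] = (cert_dns_names(cert), covers(cert, h))
    return out

def fetch_cert(host, port=443, timeout=5):
    """Live variant: fetch what the server presents for this SNI name.
    Hostname checking is off so a mismatched cert is returned, not rejected;
    the chain is still validated, so self-signed certs raise SSLError."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as s:
        with ctx.wrap_socket(s, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample data: one certificate installed on the shared IP.
VHOSTS = {"shop.example": {"subjectAltName": (("DNS", "shop.example"), ("DNS", "www.shop.example"))}}

if __name__ == "__main__":
    for host, (names, ok) in audit(VHOSTS, "shop.example", ["shop.example", "blog.example"]).items():
        print(host, names, "OK" if ok else "MISMATCH (default cert served)")
```

A `MISMATCH` result means the second site is only being handed the first site's certificate as a fallback; the certificate itself still lists a single domain, so clients report a name mismatch rather than treating the new site as secured.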