SSL site on shared ip problem

Discussion in 'General Discussion' started by trhosting.net, Feb 28, 2014.

  1. trhosting.net

    trhosting.net Well-Known Member

    Hello,

    We have a problem with SSL sites that are on the main server shared IP.
    We have sites on the main shared IP and some SSL sites too.

    For example, we have a site example1.com that has no SSL installed, and on the same shared IP there is another account example2.com with SSL.

    example1.com (no SSL)
    example2.com (with SSL)

    When a user connects to these sites with http://example1.com and http://example2.com there is no problem. But the problem is when a user accidentally connects to https://example1.com (example1.com has no SSL), example2.com loads and the browser gives an SSL error because the certificate belongs to example2.com but the URL is example1.com.

    What can we do for this?

    Thank you

    - - - Updated - - -

    I am asking because some of the sites on our server are indexed by Google with https links, but they have no SSL installed and the indexed site is the wrong site.
     
    #1 trhosting.net, Feb 28, 2014
    Last edited: Feb 28, 2014
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    If the account is assigned a shared IP address, and an SSL certificate is installed on that IP address, then any secure request to a domain name on that IP address will load the contents of the domain name the certificate is installed for. This is by design. You will need to assign a dedicated IP address to the account that uses the SSL certificate if you don't want that certificate applied to the other domain names on its IP address. Or, you could generate/install a self-signed certificate for each domain name on the server (assuming your server supports SNI).

    Thank you.
     
  3. trhosting.net

    trhosting.net Well-Known Member

    Hello Michael,

    Is it possible to install many SSL certificates to another IP address on the server?

    We have lots of sites with SSL on shared address. I want to transfer them to another IP address but all to the same IP address.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    Yes, you can install multiple SSL certificates on a single IP address if your server supports SNI (it uses CentOS/RHEL 6).

    Thank you.
     
  5. elialum

    elialum Member

    Hi,

    We are facing the same issue.

    I've managed to "bypass" this problem by generating a fake account on the shared IP (nossl.loc) and creating a self-signed SSL certificate for it.

    Now, if the fake account is listed first in httpd.conf, it will take all the https requests and will return an error to any site that is not using SSL.

    Problem is that I don't know how to force it to get listed first?

    Any ideas will be welcomed.

    Thanks,
    Eli.
     
  6. elialum

    elialum Member

    Hi Again,

    ok, I think I've worked something out -

    I've copied the "<VirtualHost 1.1.1.1:443> ... </VirtualHost>" section from the main httpd.conf for the fake domain I created earlier to the pre_main_global.conf file, so now it loads first.

    Now it shows twice, first in the pre_main_global file, and second in the main httpd.conf (couldn't remove it from the httpd.conf, rebuild adds it once again every time).

    Dirty solution, but it works for now.

    Eli.
     
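The behaviour discussed in the posts above (an HTTPS request for a name with no SSL virtual host is answered by the first-listed `:443` virtual host on that IP) can be audited from the Apache configuration itself. The script below is an added example, not code from the thread or from cPanel; the configuration text and the 192.0.2.10 address are constructed, and it assumes one address per `<VirtualHost>` block and no wildcard aliases.

```python
import re

# Constructed sample of an Apache configuration (not taken from the thread):
# two accounts share 192.0.2.10, only example2.com has an SSL virtual host.
SAMPLE_CONF = """
<VirtualHost 192.0.2.10:80>
    ServerName example1.com
    ServerAlias www.example1.com
</VirtualHost>
<VirtualHost 192.0.2.10:80>
    ServerName example2.com
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName example2.com
    SSLEngine on
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>\s]+):(\d+)\s*>(.*?)</VirtualHost>", re.S | re.I)
NAME_RE = re.compile(r"^\s*Server(?:Name|Alias)\s+(.+)$", re.M | re.I)

def parse_vhosts(conf):
    """Return [(ip, port, [names])] in the order the blocks are listed."""
    vhosts = []
    for ip, port, body in VHOST_RE.findall(conf):
        names = [n.lower() for line in NAME_RE.findall(body) for n in line.split()]
        vhosts.append((ip, int(port), names))
    return vhosts

def https_fallthrough(conf):
    """Map each HTTP-only name to the first-listed :443 vhost on its IP."""
    vhosts = parse_vhosts(conf)
    default_ssl, ssl_names = {}, {}
    for ip, port, names in vhosts:
        if port == 443 and names:
            default_ssl.setdefault(ip, names[0])   # first listed block wins
            ssl_names.setdefault(ip, set()).update(names)
    result = {}
    for ip, port, names in vhosts:
        if port == 80 and ip in default_ssl:
            for name in names:
                if name not in ssl_names[ip]:      # no SSL vhost of its own
                    result[name] = default_ssl[ip]
    return result

if __name__ == "__main__":
    for name, served in sorted(https_fallthrough(SAMPLE_CONF).items()):
        print(f"https://{name} is answered by the vhost for {served}")
```

Running it against a configuration where a catch-all such as nossl.loc is listed first shows every HTTP-only name mapping to that catch-all instead of to a customer's site.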
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    You could also make one SSL certificate the primary certificate for an IP address via the "Make Primary" option in "WHM Home » SSL/TLS » Manage SSL Hosts".

    Thank you.
     
  8. EEKdood

    EEKdood Member

    Hello Folks,

    I have pretty much the same problem: One IP and a mix of SSL and non-SSL hosts. I have installed a certificate for the server's hostname (wildcard certificate). I've set that certificate as the primary for the IP address and as the shared certificate.

    Now, when I visit a non-SSL host using https, the certificate for one of the SSL hosts is displayed.

    What am I missing here?

    Thanks.
     
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hi EEKdood,

    This is explained in my earlier post:

    Or, do you mean it's loading a SSL certificate that is different than the one you used the "Make Primary" option for?

    Thank you.
     
  10. EEKdood

    EEKdood Member

    Thanks Michael. You are correct. The SSL being loaded for sites that do not have a certificate installed is different than the one I have selected as Primary and Shared (which is a wildcard installed as the server's hostname).
     
  11. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    To clarify, is this happening on websites assigned that same IP address? If so, please open a support ticket so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

    Thanks.
     
  12. EEKdood

    EEKdood Member

    Yes. All sites on the same IP. A small percentage have SSLs installed. A certificate for the hostname is set as primary on the IP and is also set as shared.

    Thanks! I'll open a ticket now.
     
  13. cPMatthewV

    cPMatthewV Quality Assurance Analyst
    Staff Member

    Hello,

    I wanted to update the thread with a workaround for an issue that occurred in previous versions of cPanel and has re-appeared in 11.44. It can occur with the Primary SSL/Shared SSL set for the server's hostname after resetting the hostname. For your reference, this is related to case 52366.

    There have been cases where resetting the hostname will append the new hostname as a subdomain to the "/var/cpanel/userdata/nobody/main" file, instead of replacing the main domain. In order to correct this you have to manually edit the file at "/var/cpanel/userdata/nobody/main" and remove this from the subdomain section and set it as the main domain, then rebuild the Apache configuration file with "/scripts/rebuildhttpdconf", and restart Apache using "service httpd restart".

    In some cases you may need to also remove and reapply the shared certificate for the hostname.

    If you have any issues with this please feel free to open a support ticket using the links in my signature.
     