The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL with Dedicated IP (Page Not Found)

Discussion in 'General Discussion' started by zelf, Jan 3, 2006.

  1. zelf

    zelf Active Member

    Joined:
    Dec 6, 2005
    Messages:
    30
    Likes Received:
    0
    Trophy Points:
    6
    I've added a dedicated IP for a FQDN through WHM. nslookup confirms that this FQDN is pointing to my added IP. Typing in the FQDN using http:// shows also that it is pointing to my server. However, typing in the FQDN using https:// returns page not found.

    I have installed the ssl crt, key through WHM and the FQDN is listed as an SSL Host in WHM. In httpd.conf I have the following, which all looks correct. What step have I missed for setting up a dedicated ip ssl through WHM? I've gone over it a 100 times and all seems exactly as it should be. Except for the dedicated IP it looks exactly the same as my shared ssl cert, which is working great. First time setting up dedicated ip ssl. Any ideas???
    Code:
    <IfDefine SSL>
    <VirtualHost xx.xx.xx.xxx:443>
    ServerAdmin webmaster@my.fqdn.tld
    DocumentRoot /home/mydir/public_html
    ServerName my.fqdn.tld
    UserDir public_html
    
    <IfModule mod_userdir.c>
      Userdir disabled
      Userdir enabled mydir
    </IfModule>
    
    <IfModule mod_php4.c>
      php_admin_value open_basedir "/home/mydir:/usr/lib/php:/usr/local/lib/php:/tmp"
    </IfModule>
    <IfModule mod_php5.c>
      php_admin_value open_basedir "/home/mydir:/usr/lib/php:/usr/local/lib/php:/tmp"
    </IfModule>
    
    User myuser
    Group myuser
    ScriptAlias /cgi-bin/ /home/mydir/public_html/cgi-bin/
    
    SSLEnable
    SSLCertificateFile /usr/share/ssl/certs/my.fqdn.tld.crt
    SSLCertificateKeyFile /usr/share/ssl/private/my.fqdn.tld.key
    SSLCACertificateFile /usr/share/ssl/certs/my.fqdn.tld.cabundle
    SSLLogFile /usr/local/apache/domlogs/my.fqdn.tld-ssl_data_log
    CustomLog /usr/local/apache/domlogs/my.fqdn.tld-ssl_log combined
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    </VirtualHost>
    </IfDefine>
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Two things to try:

    1. Check the DNS entry at dnsreport.com/dnsstuff.com to make sure it has propagated

    2. Stop and restart httpd - a graceful restart isn't enough usually:

    httpd stop
    httpd startssl
     
  3. zelf

    zelf Active Member

    Joined:
    Dec 6, 2005
    Messages:
    30
    Likes Received:
    0
    Trophy Points:
    6
    Yes, it has propagated.
    Tried it already. Still same results. What else can I try Chirpy?
     
  4. madaboutlinux

    madaboutlinux Well-Known Member

    Joined:
    Jan 24, 2005
    Messages:
    1,052
    Likes Received:
    2
    Trophy Points:
    38
    Location:
    Earth
    May be a NameVirtualHost entry missing in the httpd.conf file for the dedicated IP. Not sure though. Sorry if I am wrong.
     
  5. zelf

    zelf Active Member

    Joined:
    Dec 6, 2005
    Messages:
    30
    Likes Received:
    0
    Trophy Points:
    6
    There was no NameVirtualHost for the dedicated IP. I added it xx.xx.xx.xxx:443 directly under the Shared IP and did a httpd stop httpd startssl. Everything started fine, but still times out calling the domain in a browser on https.

    This is driving me insane. I've deleted the ssl host and recreated it. I've triple checked the cert and key and they are exactly what they should be, meaning the key used to create the CSR is the same as the key used to setup the SSL host and install the crt through WHM. My shared ssl cert is working perfectly. My dedicated ip cert is setup exactly the same in httpd.conf as the shared cert except for the DocRoot User and IP of course. This should be working by everything I've read. I'm at my wits end on this.

    Anyone have any more ideas for me on this? I need to get this up and running like yesterday. What really ticks me off is it is not rocket science to set this up and everything looks exactly the way it should be. :(
     
  6. nickp666

    nickp666 Well-Known Member

    Joined:
    Jan 28, 2005
    Messages:
    770
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    /dev/null
    not something stupid like a firewall blocking port 443 for that ip?

    nmap the IP and make sure its open.
    (probably not much use but sometimes easily missed)
     
    #6 nickp666, Jan 5, 2006
    Last edited: Jan 5, 2006
Loading...

Share This Page