
Wildcard SSL - Subdomains through cPanel

Discussion in 'General Discussion' started by nurseryboy, Apr 8, 2008.

  1. nurseryboy

    nurseryboy Well-Known Member

    We have a site with multiple subdomains that we set up through cPanel (rather than through WHM as their own accounts, because we need the subdomain files to be in the main site's account and owned by the main account). We need both the main site (www.example.com) and all the subdomains (sub1.example.com, sub2.example.com, etc.) to be SSL protected.

    What I'm not sure about, though, is how to get it all set up. We have a wildcard cert for *.example.com, but none of the subdomains work (sub1.example.com brings up www.example.com). I believe this is because sub1.example.com doesn't have its own IP address? If this is the case, how do we set up the subdomain to be on its own IP address, without making it a separate account? Again, we need the subdomains to be in the main account (files and ownership). Any way to do this and not mess up cPanel?

    Thanks.
     
  2. Polyack

    Polyack Member

    Any updates on this?

    I'm experiencing similar issues.
    Seems to be an issue with WHM 11.

    The following thread states this problem. In that thread they also mention that the hosting provider had to do some "manual changes". I'm wondering what these changes are. Does anyone know?
    Any alternative workarounds that don't require unique accounts and IPs?
    "Ref: http://www.jaguarpc.com/forums/showthread.php?p=135507

    Yes that is weird. Jag support have been in touch with cPanel support and have now reached the conclusion that the only way to get a wildcard certificate working is to create the 'subdomains' as stand-alone accounts (so they aren't subdomains at all), dedicate an IP to each, manually create the entry and then rebuild Apache. That's convenient then.

    It is now working, but support had to make changes manually. We no longer have subdomains, however - each 'subdomain' has to have its own account and dedicated IP. Below is support's 'how to' guide:

    1.
    Copy the file for one of the already installed certs, e.g. in this case I copied file '/var/cpanel/userdata/myusername1/mysubdomain1.mydomain.net_SSL' to '/var/cpanel/userdata/myusername2/'.

    /var/cpanel/userdata/ is the path where each account has a folder with its apache and cpanel configuration files. The _SSL file is the one which contains the entries for ssl vhost for any domain.

    2.
    Rename that according to subdomain i.e. in this case rename '/var/cpanel/userdata/myusername2/mysubdomain1.mydomain.net_SSL' to '/var/cpanel/userdata/myusername2/mysubdomain2.mydomain.net_SSL'.

    3.
    Edit the file '/var/cpanel/userdata/myusername2/mysubdomain2.mydomain.net_SSL' and update user name to myusername2 where there is old username and update IP, viewing this file will clear any confusion.

    4.
    Run : /usr/local/cpanel/bin/build_apache_conf
    to rebuild apache configuration from the newly created file.

    5.
    Then restart apache to make it load newly built configuration."
     
  3. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Applying wildcard SSL Certificates to existing (or newly created) subdomains should work properly in 11.23.
     
  4. Polyack

    Polyack Member

    Is it still required to create a separate account for every subdomain (every subdomain that I wish to share the same Wildcard SSL Certificate)? And a unique IP address for each of them as well?
     
    #4 Polyack, May 21, 2008
    Last edited: May 21, 2008
  5. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    My original post needs to be amended.

    It is not required to have a separate account for each subdomain, however there is apparently a limitation in cPanel/WHM that results in forcing each subdomain to have its own IP address in order to install the Cert on separate subdomains. One can apparently work around this by using mod rewrite to redirect requests.
     
    #5 cPanelKenneth, May 21, 2008
    Last edited: May 21, 2008
  6. Polyack

    Polyack Member

    Thank you Kenneth for clarifying this matter.

    I'm wondering if wildcard certificates can be made using the "SSL Certificate creation wizard" built into WHM version 11.23? If it's not, then I'll simply create the certificate using the command line, but it would be nice to know if it's supported as well.
     
  7. merlinpa1969

    merlinpa1969 Well-Known Member

    Are there any updates to this limitation in cPanel/WHM?
     
  8. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Which limitation do you mean?
     
  9. merlinpa1969

    merlinpa1969 Well-Known Member

    this is the limitation that I mean,
     
  10. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    That is more a limitation of OpenSSL and the Browsers than WHM. Due to that limitation, we currently enforce the multiple IP address/Sub domain method of using the wild card SSL certificate.
     
  11. merlinpa1969

    merlinpa1969 Well-Known Member

    And see, your tech people last night said it was an Apache issue and instructed me to use a redirect for this process.

    How is this a browser and OpenSSL limitation?

    Also, how are other control panels able to not have this limitation?
     
  12. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Except for the absolutely latest version of OpenSSL, only one SSL VirtualHost can be configured per IP Address. Apache relies upon OpenSSL for its SSL Support.

    You can read a nice description of the problem and what will be the eventual solution here: http://daniel-lange.com/plugin/tag/sni

    For SNI to work, both Apache (via OpenSSL) and the browser must support it. At this time, the majority of browsers do not support this spec.
     