Having trouble installing a wildcard cert on WHM.
Platform: cPanel 11.24.4-R35075 - WHM 11.24.2 - X 3.9, CentOS 5.3
The following substitutions are used:
__________________________________________________________
<*.domain.tld> = value for the common name in the CSR.
<mydomain.tld> = name of the base domain.
<mysubdomain.mydomain.tld> = name of an installed subdomain.
<ip> = unique ip of base domain to which the SSL cert gets attached.
<user> = the username for the account.
__________________________________________________________
The subdomains were set up and working fine before purchase of the cert.
Created the csr with <*.domain.tld>, (via a shell session, as the GUI does not allow the asterisk).
After purchasing and receiving the cert, it was manually placed in /etc/ssl/certs. It installs and works fine ... for only one domain at a time, whether that's the base domain, or a sub.
This link:
http://regx.dgswa.com/html/?q=node/63
and this thread on the cPanel forum:
http://forums.cpanel.net/showthread.php?t=106925&highlight=wildcard+ssl
basically describe doing the same thing, which is to repeatedly install the same cert to each subdomain.
However, as described, attempting first to install to <*.domain.tld> does not work. Attempting that gives you a nice error:
_____
The specified domain is not configured on the system. If you are intending to install a shared certificate you must use the username "nobody" for security and bandwidth reporting reasons.
SSL Install aborted due to error.
_____
Now, you *can* install the cert to user nobody, and <mydomain.tld> will come up fine. But <mysubdomain.mydomain.tld> will come up as <mydomain.tld> if installed as <user>. If you go ahead and also install <mysubdomain.mydomain.tld> as nobody, you'll get a 500.
There is a small amount of relevant code in .htaccess for <mydomain.tld>:
ReWriteBase /
ReWriteCond %{REQUEST_FILENAME} !-f
ReWriteCond %{REQUEST_FILENAME} !-d
ReWriteRule . /index.php [L]
No .htaccess for any <mysubdomain.mydomain.tld>
So, start over, remove cert from "Manage SSL Hosts", do a fresh install of the cert for the main domain (with or without www), using "Install a SSL Certificate and Setup the Domain". The domain "browse" button works fine, it grabs the correct IP and user (this because I manually copied the cert into /etc/ssl/certs after purchasing it).
Then, install a subdomain, same procedure, but prepend the subdomain name into the text box to the right of the browse button, so instead of <mydomain.tld> you have <mysubdomain.mydomain.tld>. User & IP are still correct.
That does not work either. When you install the subdomain, you get:
_____
<mysubdomain.mydomain.tld> is already configured for SSL on <ip>. Updating Certificate Only!
_____
Subsequent to the installation, browsing to the main domain or any other installed subdomain takes you to the most recently installed subdomain. Looking at Manage SSL Hosts substantiates this behavior, as you'll see only the last subdomain installed, no matter how many you may have set up.
FWIW, after installation examining the cert in a browser does show <*.domain.tld> as the common name, so we've confirmed the CSR was generated correctly to begin with.
So, how does one install a wildcard cert into WHM, and update Apache for its usage?
Oh, a tiny bug, not going to the 'zilla for this, but when you delete an installed cert from "Manage SSL Hosts" it doesn't automagically restart Apache, so until you manually restart your SSL page is still available to the public.
Thanks for reading, looking forward to a solution.
--
Carl
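
The CSR step and the common-name check described in the post, plus a check that the private key belongs to the certificate before it is installed, as an added shell example that is not part of the original post. The domain example.test, the file names and the self-signed certificate standing in for the CA-issued one are assumptions.

```shell
#!/bin/sh
# Added example. Constructed inputs: placeholder domain, throwaway key,
# and a self-signed certificate standing in for the CA-issued one.
WILDCARD_CN='*.example.test'    # plays the role of <*.domain.tld>

# Create a private key ($1) and a CSR ($2) whose common name is the wildcard.
make_wildcard_csr() {
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$1" -out "$2" -subj "/CN=$WILDCARD_CN" 2>/dev/null
}

# Print the common name of a CSR ($1=req) or certificate ($1=x509) in file $2.
subject_cn() {
    openssl "$1" -in "$2" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Print the PEM public key held in a private key, CSR or certificate.
public_key() {                  # $1 = key|req|x509, $2 = file
    if [ "$1" = key ]; then openssl pkey -in "$2" -pubout
    else openssl "$1" -in "$2" -noout -pubkey; fi 2>/dev/null
}

# Succeeds only if both files are readable and key $1 belongs to certificate $2.
key_matches_cert() {
    k=$(public_key key "$1") && c=$(public_key x509 "$2") &&
        [ -n "$k" ] && [ "$k" = "$c" ]
}

demo() {
    dir=$(mktemp -d) || return 1
    make_wildcard_csr "$dir/wild.key" "$dir/wild.csr" || return 1
    # Self-sign the CSR for one day, only so there is a certificate to inspect.
    openssl x509 -req -in "$dir/wild.csr" -signkey "$dir/wild.key" \
        -days 1 -out "$dir/wild.crt" 2>/dev/null || return 1
    echo "CSR CN:  $(subject_cn req "$dir/wild.csr")"
    echo "cert CN: $(subject_cn x509 "$dir/wild.crt")"
    if key_matches_cert "$dir/wild.key" "$dir/wild.crt"; then
        echo "private key matches certificate"
    else
        echo "private key does NOT match certificate"
    fi
    rm -rf "$dir"
}
demo
```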