HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   HOWTO-Related Questions (http://www.howtoforge.com/forums/forumdisplay.php?f=2)
-   -   Critical Problem with Resolving HTTPS ISPConfig 3 v3.0.4.6 (http://www.howtoforge.com/forums/showthread.php?t=60625)

darinpeterson 20th February 2013 15:51

Critical Problem with Resolving HTTPS ISPConfig 3 v3.0.4.6
 
I have a serious problem with https resolving to the wrong website. I have an existing website where I created an SSL, and I have a new site where I just created the SSL.

When I type https://firstsite.com, it resolves to https://newsite.com.

I am running my own name servers ns1.myserver.net, and ns2.myserver.net. The DNS records for both sites point to those name servers.

Help please... I don't know how to fix this.

MORE INFORMATION: I'm getting this when trying to restart Apache.

Code:

/etc/init.d/apache2 restart
Restarting web server: apache2[Wed Feb 20 14:54:30 2013] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
 ... waiting [Wed Feb 20 14:54:31 2013] [warn] _default_ VirtualHost overlap on port 443, the first has precedence


till 20th February 2013 16:04

I guess you created both sites on the same IP? Traditional SSL requires a dedicated IP address for every SSL website. When you create two websites on the same IP and enable ssl for both sites then you get SSL over SNI which is not supported by all web browsers and apache versions. See wikipedia article about SNI for details.

So if you want to have two ssl sites that work in all browsers, you need two IP addresses and assign the first site to the first IP and the second site to the second IP. Thats always the case for ssl site, so not a limitation of ispconfig.

darinpeterson 20th February 2013 16:16

Thank you for the prompt response
 
Till,

Thank you for the prompt response, and for setting me straight on what is needed here. I am new to SSL sites, so now I know.

Regards,
Darin

darinpeterson 22nd February 2013 15:50

Ok, I fixed this problem and restarted the server. I completely removed the SSL from one site, and now have only SSL on the other. The problem that I have now is that when I type https://firstsite.com, or https://newsite.com, my server resolves to the site with the SSL. I'd prefer it go to an error page when no SSL is available. Why does it resolve to the domain that has the SSL? How can I fix this?

Thank you,
Darin

falko 23rd February 2013 11:46

You need an IP where you only put websites that use http (port 80). Your SSL websites should either use one IP per SSL website, or if you use SNI, you should use a dedicated IP for those SNI websites.

The problem is if you mix http and https websites on one IP, a https request for a http-only website will always go to the first configured https website (which is from another domain).

darinpeterson 26th February 2013 14:56

Is there a document that will show me an example of what the DNS records look like for sites with SSLs?

The reason I ask is this:

If my web server runs on 192.168.1.145, do I have to add each new domain to the /etc/hosts file when assigning new IP addresses?

/etc/hosts
Code:

127.0.0.1      localhost
192.168.1.145  web.server.com

# The following lines are desirable for IPv6 capable hosts
::1    ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

So I want to add a new SSL domain. Must I do the following, or is there some way to create the DNS records, so I don't have to add the domain to the /etc/hosts file?

Code:

127.0.0.1      localhost
192.168.1.145  web.server.com
192.168.1.146  new.domain.com

# The following lines are desirable for IPv6 capable hosts
::1    ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters


falko 27th February 2013 14:45

Do you use those websites only in your local network? If you want to serve them to the outside world, then the problem is that your router can forward one port to just one IP. So if you host a second website on the same port, but different IP, you cannot serve it to the outside.

darinpeterson 27th February 2013 15:18

Can you please point me to the documentation that will show me how to setup multiple secure domains on one web server using multiple IP addresses? An example of domain records would be helpful. Any help you can provide is appreciated...

This is not a local setup, it's intended to serve the Internet.

till 27th February 2013 16:37

Quote:

Can you please point me to the documentation that will show me how to setup multiple secure domains on one web server using multiple IP addresses? An example of domain records would be helpful. Any help you can provide is appreciated...
ISPConfig manual: Chapter "5.4 How Do I Create An SSL Web Site?".

darinpeterson 1st March 2013 16:37

Quote:

Originally Posted by till (Post 292785)
ISPConfig manual: Chapter "5.4 How Do I Create An SSL Web Site?".

Thank you Till... I did not have a chance to get back to this yet. The only thing missing is the DNS records. I'm going to see if I can work it out later today without a reference.


All times are GMT +2. The time now is 14:51.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.