Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > HOWTO-Related Questions

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 20th February 2013, 15:51
darinpeterson darinpeterson is offline
HowtoForge Supporter
 
Join Date: Nov 2011
Posts: 153
Thanks: 35
Thanked 13 Times in 13 Posts
Default Critical Problem with Resolving HTTPS ISPConfig 3 v3.0.4.6

I have a serious problem with https resolving to the wrong website. I have an existing website where I created an SSL, and I have a new site where I just created the SSL.

When I type https://firstsite.com, it resolves to https://newsite.com.

I am running my own name servers ns1.myserver.net, and ns2.myserver.net. The DNS records for both sites point to those name servers.

Help please... I don't know how to fix this.

MORE INFORMATION: I'm getting this when trying to restart Apache.

Code:
/etc/init.d/apache2 restart
Restarting web server: apache2[Wed Feb 20 14:54:30 2013] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
 ... waiting [Wed Feb 20 14:54:31 2013] [warn] _default_ VirtualHost overlap on port 443, the first has precedence

Last edited by darinpeterson; 20th February 2013 at 15:58. Reason: more information
Reply With Quote
Sponsored Links
  #2  
Old 20th February 2013, 16:04
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,421
Thanks: 834
Thanked 5,500 Times in 4,329 Posts
Default

I guess you created both sites on the same IP? Traditional SSL requires a dedicated IP address for every SSL website. When you create two websites on the same IP and enable ssl for both sites then you get SSL over SNI which is not supported by all web browsers and apache versions. See wikipedia article about SNI for details.

So if you want to have two ssl sites that work in all browsers, you need two IP addresses and assign the first site to the first IP and the second site to the second IP. Thats always the case for ssl site, so not a limitation of ispconfig.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
darinpeterson (20th February 2013)
  #3  
Old 20th February 2013, 16:16
darinpeterson darinpeterson is offline
HowtoForge Supporter
 
Join Date: Nov 2011
Posts: 153
Thanks: 35
Thanked 13 Times in 13 Posts
Default Thank you for the prompt response

Till,

Thank you for the prompt response, and for setting me straight on what is needed here. I am new to SSL sites, so now I know.

Regards,
Darin
Reply With Quote
  #4  
Old 22nd February 2013, 15:50
darinpeterson darinpeterson is offline
HowtoForge Supporter
 
Join Date: Nov 2011
Posts: 153
Thanks: 35
Thanked 13 Times in 13 Posts
Default

Ok, I fixed this problem and restarted the server. I completely removed the SSL from one site, and now have only SSL on the other. The problem that I have now is that when I type https://firstsite.com, or https://newsite.com, my server resolves to the site with the SSL. I'd prefer it go to an error page when no SSL is available. Why does it resolve to the domain that has the SSL? How can I fix this?

Thank you,
Darin
Reply With Quote
  #5  
Old 23rd February 2013, 11:46
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,745 Times in 2,578 Posts
Default

You need an IP where you only put websites that use http (port 80). Your SSL websites should either use one IP per SSL website, or if you use SNI, you should use a dedicated IP for those SNI websites.

The problem is if you mix http and https websites on one IP, a https request for a http-only website will always go to the first configured https website (which is from another domain).
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
The Following User Says Thank You to falko For This Useful Post:
darinpeterson (23rd February 2013)
  #6  
Old 26th February 2013, 14:56
darinpeterson darinpeterson is offline
HowtoForge Supporter
 
Join Date: Nov 2011
Posts: 153
Thanks: 35
Thanked 13 Times in 13 Posts
Default

Is there a document that will show me an example of what the DNS records look like for sites with SSLs?

The reason I ask is this:

If my web server runs on 192.168.1.145, do I have to add each new domain to the /etc/hosts file when assigning new IP addresses?

/etc/hosts
Code:
127.0.0.1       localhost
192.168.1.145   web.server.com

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
So I want to add a new SSL domain. Must I do the following, or is there some way to create the DNS records, so I don't have to add the domain to the /etc/hosts file?

Code:
127.0.0.1       localhost
192.168.1.145   web.server.com
192.168.1.146   new.domain.com

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Last edited by darinpeterson; 26th February 2013 at 15:10. Reason: clarify what i don't understand
Reply With Quote
  #7  
Old 27th February 2013, 14:45
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,745 Times in 2,578 Posts
Default

Do you use those websites only in your local network? If you want to serve them to the outside world, then the problem is that your router can forward one port to just one IP. So if you host a second website on the same port, but different IP, you cannot serve it to the outside.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
The Following User Says Thank You to falko For This Useful Post:
darinpeterson (27th February 2013)
  #8  
Old 27th February 2013, 15:18
darinpeterson darinpeterson is offline
HowtoForge Supporter
 
Join Date: Nov 2011
Posts: 153
Thanks: 35
Thanked 13 Times in 13 Posts
Default

Can you please point me to the documentation that will show me how to setup multiple secure domains on one web server using multiple IP addresses? An example of domain records would be helpful. Any help you can provide is appreciated...

This is not a local setup, it's intended to serve the Internet.
Reply With Quote
  #9  
Old 27th February 2013, 16:37
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,421
Thanks: 834
Thanked 5,500 Times in 4,329 Posts
Default

Quote:
Can you please point me to the documentation that will show me how to setup multiple secure domains on one web server using multiple IP addresses? An example of domain records would be helpful. Any help you can provide is appreciated...
ISPConfig manual: Chapter "5.4 How Do I Create An SSL Web Site?".
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
darinpeterson (1st March 2013)
  #10  
Old 1st March 2013, 16:37
darinpeterson darinpeterson is offline
HowtoForge Supporter
 
Join Date: Nov 2011
Posts: 153
Thanks: 35
Thanked 13 Times in 13 Posts
 
Default

Quote:
Originally Posted by till View Post
ISPConfig manual: Chapter "5.4 How Do I Create An SSL Web Site?".
Thank you Till... I did not have a chance to get back to this yet. The only thing missing is the DNS records. I'm going to see if I can work it out later today without a reference.
Reply With Quote
Reply

Bookmarks

Tags
https resolve

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Major recovery Toucan Installation/Configuration 18 9th August 2011 11:45
Sending email issue lezelf Installation/Configuration 15 9th August 2011 11:20
SquirrelMail login not working glenneh Installation/Configuration 13 9th April 2011 20:01
ISPConfig installation into multiple OpenVZ containers letezo Installation/Configuration 11 3rd March 2009 22:47
Problem with https and IE on Mac os and safari DarkBen Installation/Configuration 11 29th September 2006 17:45


All times are GMT +2. The time now is 21:58.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.