HTTPS / HTTP redirect / point issue

Discussion in 'General' started by MostHostLA, Nov 8, 2014.

  1. MostHostLA

    MostHostLA New Member

    I have what I consider an "odd" occurrence:

    Every website without an SSL (self signed or not) I run from my server incorrectly redirects to the first website I set up when a client tries to use SSL (https://something.com);

    Really I don't know if this is supposed to be intended behavior or not, and if it is I'm at a loss as to how to change it.

    Normally I would expect that going to "https://something.com" - with no SSL - would alert me to the fact that the connection was untrusted and then proceed to show "http://something.com"

    What is happening instead is that when you go to "https://something.com" you get "https://somethingcompletelydifferent.com" - after the untrusted alert.

    Again, I have never had this happen before - particularly because why would I use SSL on a site I know it's not set up for it? - but it seems to be a problem specifically towards having clients who wish to just use the SSL protocol for transmitting data without a cert. at all...

    ... any and all help appreciated :)
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    What you describe is the normal behaviour of webservers when you use a shared IP address for ssl and non ssl websites. If a website exists as http only and someone tries to access it by https and there is at least one https site that uses the same IP, then the first website that has ssl enabled on the same IP address is shown.

    There are several solutions for this:

    a) use a dedicated IP address for this website or use an IP address for ssl sites and another one for sites without ssl.

    b) create a default ssl vhost, so all requests for non existing sites go to that default vhost. A default vhost is simply a site with a domain that is always first in the alphabet, like 000default.tld; the domain does not have to exist in dns.
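
An added example (not from the thread and not ISPConfig's own code): a small Python audit that models the behaviour described in the reply above, listing each HTTP-only hostname together with the port-443 vhost that would answer for it on the same IP. File names, hostnames and addresses are constructed; it assumes one exact `IP:port` per `<VirtualHost>` and that vhost files load in alphabetical order.

```python
import re

# Constructed sample: vhost files as {filename: text}; names and IPs are made up.
SAMPLE = {
    "100-shop.example.vhost": """
<VirtualHost 192.0.2.10:80>
  ServerName shop.example
</VirtualHost>
<VirtualHost 192.0.2.10:443>
  ServerName shop.example
  SSLEngine on
</VirtualHost>
""",
    "100-blog.example.vhost": """
<VirtualHost 192.0.2.10:80>
  ServerName blog.example
  ServerAlias www.blog.example
</VirtualHost>
""",
}

VHOST = re.compile(r"<VirtualHost\s+(\S+):(\d+)>(.*?)</VirtualHost>", re.S | re.I)
NAMES = re.compile(r"^\s*Server(?:Name|Alias)\s+(.+)$", re.M | re.I)

def parse(files):
    """Return vhosts as (addr, port, [names]) in load order (sorted filenames)."""
    out = []
    for fname in sorted(files):
        for addr, port, body in VHOST.findall(files[fname]):
            names = [n for line in NAMES.findall(body) for n in line.split()]
            out.append((addr, int(port), names or ["<no ServerName>"]))
    return out

def https_fallbacks(files):
    """Map each HTTP-only hostname to the vhost that answers it on port 443."""
    vhosts = parse(files)
    result = {}
    for addr, port, names in vhosts:
        if port != 80:
            continue
        tls = [v for v in vhosts if v[0] == addr and v[1] == 443]
        for name in names:
            if tls and not any(name in v[2] for v in tls):
                result[name] = tls[0][2][0]  # first :443 vhost on this IP is the default
    return result

if __name__ == "__main__":
    print(https_fallbacks(SAMPLE))
```

Adding a file that sorts first, such as a constructed `000-000default.tld.vhost` with a port-443 vhost, changes every reported fallback to that default site instead of a customer's site.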
     
  3. Curtis Maurand

    Curtis Maurand New Member

    I went through all of the sites. None of them have SSL checked. All are set to a specific address. I had tried signing a single domain on the machine and I just deleted the keys and renewals. I edited the /etc/apache2/ports.conf and commented out port 443. I restarted the web server and the php-fpm server and still sites (which up until yesterday were working) suddenly are trying to go to https instead of http and it's not all the sites on that server.
     
