HTTPS URL pointing to wrong site?

Discussion in 'Installation/Configuration' started by rob_morin, Aug 17, 2018.

  1. rob_morin

    rob_morin Member

    Hello all...
    I added an SSL site for an existing client www.bojnberry.ca
    So now both SSL & non SSL working fine for bojnberry.ca

    But we had a client for some reason try to get to https://www2.dido.ca - not sure why they tried that URL as of yet.
    And they get an error that the cert is no go as it points to https://www2.bojnberry.ca ???

    How do i resolve this?
    Thanks...
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

  3. rob_morin

    rob_morin Member

    but we do not use www2 :) I will remove www2.dido.ca from DNS since we do not use it.... still not sure why it redirects form dido.ca to bojnberry.ca
     
  4. rob_morin

    rob_morin Member

    I removed the not needed www2.dido.ca and it simply says no page found, so thats ok...
     
  5. herrera

    herrera New Member

    Hi, i have the same problem on my server, for all website when i go in https on one of them are redirecting to the same website.. And when i go in http for all website there is no problem the redirection is correct.
    This is the only website i have activated lets-encrypt and i don't understand why my ispconfig is not accessible in https ont the 8080 port ?
    I have verified vhosts file and i don't see specific problem.
    Thanks in advance !
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    You describe two different things here which are not related:

    1) When you create an SSL website which shares the same Ip with other non SSL websites, then this website must show up when you use one of the other domains by https. That's the normal behavior of web servers and not related to ISPConfig. Solutions are: a) enable SSL for all sites or b) use different Ip addresses for SSL sites and non SSL sites or c) create an SSL catchall site.

    2) When ISPConfig is not accessible, then this is not related to 1) To find out why you can't access ISPConfig anymore you should describe what you changed in the config of the port 8080 vhost.
     
  7. herrera

    herrera New Member

    Thank you for your answer.

    1) okay i will adapt your solutions to my problem, i thinked that this problem is due to 2)

    2) As you can see on my file vhost i don't hace modifiy my vhost directly, il love ispconfig interface. Thank you in advance if you see thomething.

    Code:
    ######################################################
    # This virtual host contains the configuration
    # for the ISPConfig controlpanel
    ######################################################
    
     Listen 8080
    NameVirtualHost *:8080
    
    <VirtualHost _default_:8080>
      ServerAdmin [email protected]
    
      <Directory /var/www/ispconfig/>
        <FilesMatch "\.ph(p3?|tml)$">
          SetHandler None
        </FilesMatch>
      </Directory>
      <Directory /usr/local/ispconfig/interface/web/>
        <FilesMatch "\.ph(p3?|tml)$">
          SetHandler None
        </FilesMatch>
      </Directory>
    
      <IfModule mod_fcgid.c>
        DocumentRoot /var/www/ispconfig/
        SuexecUserGroup ispconfig ispconfig
        <Directory /var/www/ispconfig/>
          Options -Indexes +FollowSymLinks +MultiViews +ExecCGI
          AllowOverride AuthConfig Indexes Limit Options FileInfo
          <FilesMatch "\.php$">
            SetHandler fcgid-script
          </FilesMatch>
          FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php
                Order allow,deny
          Allow from all
              </Directory>
        IPCCommTimeout  7200
        MaxRequestLen 15728640
      </IfModule>
    
      <IfModule mpm_itk_module>
        DocumentRoot /usr/local/ispconfig/interface/web/
        AssignUserId ispconfig ispconfig
        AddType application/x-httpd-php .php
        <Directory /usr/local/ispconfig/interface/web>
          # php_admin_value open_basedir "/usr/local/ispconfig/interface:/usr/share:/tmp"
          Options +FollowSymLinks
          AllowOverride None
                Order allow,deny
          Allow from all
                php_value magic_quotes_gpc        0
        </Directory>
      </IfModule>
    
      # ErrorLog /var/log/apache2/error.log
      # CustomLog /var/log/apache2/access.log combined
      ServerSignature Off
    
      <IfModule mod_security2.c>
        SecRuleEngine Off
      </IfModule>
    
      # SSL Configuration
      SSLEngine On
        SSLProtocol All -SSLv2 -SSLv3
        SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
      SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
      #SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle
    
      SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
      SSLHonorCipherOrder On
    
      <IfModule mod_headers.c>
        Header always add Strict-Transport-Security "max-age=15768000"
            RequestHeader unset Proxy early
      </IfModule>
    
      </VirtualHost>
    
    
    <Directory /var/www/php-cgi-scripts>
      AllowOverride None
        Order Deny,Allow
      Deny from all
      </Directory>
    
    <Directory /var/www/php-fcgi-scripts>
      AllowOverride None
        Order Deny,Allow
      Deny from all
      </Directory>
    
    
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Which exact error do you get when you try to access port 8080 with https on your server?
    Do you get any errors in apache error.log file when you restart apache?
     
  9. herrera

    herrera New Member

    When a go to m’y server on https i don’t have any result or response

    When i restart Apache i can see that :

    Code:
    Mon Sep 10 12:59:10 2018] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Mon Sep 10 12:59:10 2018] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
     
  10. Jesse Norell

    Jesse Norell Well-Known Member

    Maybe blocked by a firewall? You can run 'lsof -i :8080' and 'apachectl -S' to ensure apache is configured for and listening to port 8080. If it is, check the local host firewall, and any network level firewall and if you use nat, the port forwards as well, to make sure port 8080 is allowed and forwarded to the right place (if using nat).
     
  11. herrera

    herrera New Member

    Hi,
    Thank you for your answer, I have update my web server (Debian in ovh soyoustart) and ispconfig and this problem disappear (access to port 8080 on ispconfig)!
    Also, i have create one certificate for each website and activated ssl and let's encrypt to each website and redirection's problem was solved.
     

Share This Page