Let's Encrypt SSL - Https redirects to wrong site

Discussion in 'Server Operation' started by Thomas CARTER, Jun 14, 2017.

  1. Thomas CARTER

    Thomas CARTER New Member

    Hi, just sharing...

    I have the latest Ispconfig with Lets Encrypt. I wanted to add 3 sites (let's call them one.com, two.com and three.com). For my first 2 sites in SSL no problem: on the Domaine tab I checked boxes SSL and Let's Encrypt SSL, passed to the Redirect tab and checked Rewrite HTTP to HTTPS. Everything worked. In Chrome one.com redirected to https://one.com with the little lock symbol. Two.com ok too.


    The third site (three.com) was a development site which I called three.temp.com with alias to three.com. This I clearly broke Let's Encrypt. Putting three.com or three.temp.com into Chrome redirected to two.com. I unchecked the redirection, then unchecked SSL and Let's Encrypt SSL, then cleared my Chrome cache, even tried IE. No change URL three.com always redirected to https://two.com. I rechecked the boxes etc, no change. I removed the alias and renamed the site three.com. No change.


    Eventually I Putty'd into the server. In /etc/letsencrypt/live I found folders with symbolic links to /etc/letsencrypt/archive with 3 folders containing the .pem files

    one.com

    two.com

    three.temp.com (even though I'd unchecked everything)


    I removed the 2 folders /etc/letsencrypt/live/three.temp.com and /etc/letsencrypt/archive/three.temp.com and rechecked the boxes SSL and Let's Encrypt SSL and Rewrite HTTP to HTTPS and the problem was solved: three.com now correctly redirected to https://three.com


    So what I think happened was the alias upset Let's Encrypt which created a non-valid certificate. Apparently it's normal to redirect to the first valid certificate if the requested certificate fails. Then when having removed the alias issue I tried to recheck the boxes, instead of recreating a good certificate it just reconnected to the bad one.


    If this helps anyone I'll be glad. I anyone can shed some light on the why's behind all of this that would be good.


    Regards,

    Thomas CARTER


    PS : Let's Encrypt is a real life-saver and the new-look Ispconfig is a real joy. Thanks for all the good work.
     

Share This Page