Putting https on sites without activated ssl redirects to first site with activated ssl

Discussion in 'Installation/Configuration' started by Bonzo, May 27, 2021.

  1. Bonzo

    Bonzo New Member

    It's weird so I don't even know how to put a proper title for it.
    ISpconfig is the latest version, Ubuntu 18.04, installed and configure according to the howto. Multiserver setup (2 servers, 1 web and 1 mail).
    If I try to add https on a site where SSL is not activated, apache redirects to the first site in alphabetical order that has ssl activated and it wants to use this sites certificate and that throws a warning. Desired behavior would be not to allow that or maybe redirect to a default error page with something like
    Redirect 403 /
    ErrorDocument 403 "Not allowed"
    I've tried to activate the default-ssl.conf and put this snippet in there, but still same behavior.
    You can replicate that behavior by using https://<IP_OF_YOUR_SERVER>. I was able to replicate that on every server with apache2 and ispconfig installed.
    Any idea how I could prevent this ?
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Apache just uses the first vhost for the addr/port, it doesn't redirect; if that is happening it's probably the website itself doing it. Creating a default ssl site is the solution to control the content, you can do that is ispconfig with a fake domain name (eg. aaaaa-default.com).
  3. Bonzo

    Bonzo New Member

    I've tried that,
    I've tried that. Didn't work, still uses the certificates of the domain that apache used before. I also activated the ssl-default.conf site. No change. But with the information you gave me I can better search for a solution now. Thanks
  4. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    You might find clues in the output of 'apachectl -S'.
  5. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    did you change the name of default-ssl.conf before you activated it?
    if not, and your first enabled ssl site starts with a number or A - C or Da - Dee then it's still going to show that first.
    disable the default-ssl.conf site, rename default-ssl.conf to 000-default-ssl.conf and then re-enable that site.
  6. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Simply add a "000aaa.xyz" website with a self-signed SSL cert to ISPConfig, which will work as default SSL site.

Share This Page