SSL / letsencrypt problems certificate applied to other sites.

Discussion in 'General' started by nhybgtvfr, Apr 4, 2017.

  1. nhybgtvfr

    nhybgtvfr Member

    Hi,
    i'm running a multiserver setup. ispconfig 3.1.2 with letsencrypt

    i have enabled letsencrypt for one site on one webserver. the site's certificate was created by enabling 'Lets encrypt SSL' from the domain page for the site. SSL is also enabled, although nothing is configured under the SSL tab.

    the certificate is created for the domains:
    DNS Name: cardigan-bay.co.uk
    DNS Name: cardigan-bay.com
    DNS Name: cardigan-bay.uk
    DNS Name: www.cardigan-bay.co.uk
    DNS Name: www.cardigan-bay.com
    DNS Name: www.cardigan-bay.uk

    cardigan-bay.com is the main domain configured in ispconfig. www is auto-subdomain, the other domains are aliases.

    the site is working fine, https is working ok for this site,
    but google is returning links to other sites on the same server for search results for 'llandre st dogmaels'

    https://www.internationalceramicsfestival.org/availability-late.php?ID=526
    https://rotas.co.uk/st-dogmaels-holiday-cottage.php

    these links load a page from cardigan-bay.com, under their own domain, trying to apply the cardigan-bay certificate to them.
    these sites are configured with ssl enabled, although, again, nothing is configured on the SSL tab.

    what is causing this? should ssl not be enabled on any of these sites? or just not enabled on the cardigan-bay site, only enabling LetsEncrypt?

    thanks
    lee.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Enabling SSL is not enough to have SSL on a website, SSL requires also an SSL cert. So if you have not created an SSL cert yet nor enabled lets encrypt, then the site has no SSL. If someone accesses now a website which shares the same IP, then he will get the content of the first ssl enabled website that apache finds. that's the normal behaviour of apache and nginx web server.

    You have the following options:

    a) do not use the same IP for ssl and non ssl sites.
    b) enable ssl (which means to create a ssl cert as well or enable LE)
     
  3. nhybgtvfr

    nhybgtvfr Member

    damn. of course. :oops: i was looking for some complicated problem. completely forgot about that apache behaviour. :rolleyes:
     

Share This Page