SSl problem

Discussion in 'General' started by MarcoLB, Dec 17, 2018.

  1. MarcoLB

    MarcoLB New Member

    SSL has activated in websites where it was not activated, now if I go to the URL of the site it gives me this message:
    "SSL_ERROR_BAD_CERT_DOMAIN"
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Has been explained many times in the forum. SSL is IP + port based protocol, so when you enable SSL for an IP address on your server, then all sites on that IP should have SSL enabled. If you fail to do so, then request to sites without SSL will end up on the first site on the server.

    So what you can do:

    a) Enable SSL for all sites.
    b) Use one IP for SSL enabled sites and another IP for sites without SSL.
    c) Create a default vhost (a site where the domain name is always first) to catch such requests so that they don't go to a customer site.
     
  3. MarcoLB

    MarcoLB New Member

    OK thanks,
    but from one day to the next all the sites do not work?
    cmq I enabled ssl to all websites, and created a site that came first of all.
    How can I access the website even if it gives me the error? at least to backup?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Another possibility is that you mixed up * and IP in the IPv4 field of the sites. ensure that all sites use * or all sites use the IP, don't mix that as an IP has precedence over a wildcard in apache and nginx web servers.
     
  5. MarcoLB

    MarcoLB New Member

    ok, I had on all sites the ip address, but in some cases the check of the ssl disappears, I read around but I did not understand much.
    How can I see a sensa ssl website? the system sets it by default
     
  6. nhybgtvfr

    nhybgtvfr Active Member

    if by this, you mean the ssl or letsencrypt checkbox in the control panel, they will be blank if ssl is not applied, the letsencrypt checkbox will uncheck itself if it fails to successfully get a certificate for the domain.

    do you mean how do you know what site it will display by default if it can't find the one requested?
    look in /etc/apache2/sites-enabled. it'll display the first one listed alphabetically ( with that port configured )

    eg if you have the conf files a, b, c, d, e. with a configured on port 8081, b, c, d, e configured with port 80. and d and e also configured for port 443, then a request for f, which doesn't exist, on port 80, will display site b, for port 443 site d, and for port 8081 site a.
    so if you want to create a default landing page for ssl requests to sites without certs, you're best to make a copy of /etc/apache2/sites-available/default-ssl.conf as 000-default-ssl.conf, edit it as required, and enable that.
     

Share This Page