• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Plesk 7.5.1 Shared SSL HOWTO

R

raygp

Guest
Plesk 7.5.1 Shared SSL Howto.

There has been alot of talk about shared SSL on these forums so I decided to create a little howto (actually, I created an installation program that automates everything)

Follow the procedure below to setup shared SSL on your Plesk 7.5.1 Server. (Also, see the notes and limitations below)

Step 1:
SSH Into Your Server as root

Step 2:
Type the following (excluding the # sign)
# wget http://hosting.vsourse.com/downloads/shared_ssl_installer

Step 3:
Type the following (excluding the # sign)
# perl shared_ssl_installer

Step 4: Follow the instructions and you are setup.

That's IT.




Questions?: Post Here (No promises to get back to you)

NOTES and Limitations:
This Shared SSL Takes Up a Domain Account on Your Server which cannot be used as a regular hosting account.

This Type of Shared SSL is Secure as far as users being able to open files on other users' directories. It will not let that happen. It actually emulates going to https://domain/

This Type of Shared SSL currently supports GET and POST Form Methods. It does NOT support Advanced Features Like Cookies and Password Protected Directories. (Yet)

This sets up shared ssl so that to get to https://domain/ you type https://secure_domain/domain/

This script is freely available, but I assume no responsibility if things go wrong or if someone modifies it and it messes things up. ( This is why it is best to get the script from http://hosting.vsourse.com/downloads/shared_ssl_installer )

This script does NOT Mess with Plesk in any way. Therefore it Will Not Break Plesk

Removing the Program is easy, simply remove the domain that is created in your control panel.

It has only been tested with Plesk 7.5.1 on RHEL3 and Fedora Core 2. (It should probably work with other linux's)
 
I'm gettings the error....

Failed: 500 Can't locate object method "new" via package "LWP::protocol::https::Socket"
Click to expand...

On my RedHat 9 server with plesk 7.5.1
 
Perl Module needed

For Those of you that are getting the error Messages

Failed: 500 Can't locate object method "new" via package "LWP::protocol::https::Socket"

or

Failed: 501 https protocol not supported.

You Must install the Perl Package Crypt::SSLeay for this program to work.

Just follow the instructions below:

Step 1:
SSH Into Your Server as Root

Step 2
Type the following Commands (excluding the # signs)
# wget http://search.cpan.org/CPAN/authors/id/C/CH/CHAMAS/Crypt-SSLeay-0.51.tar.gz

# tar -zxvf Crypt-SSLeay-0.51.tar.gz

# cd Crypt-SSLeay-0.51

# perl Makefile.PL

# make

# make test

# make install

It should be working after that.
My Servers already have that module installed when I get them, so for my servers, I don't have to do this.

Hope this helps.
 
Thanks, I installed Perl Package Crypt::SSLeay and now it works.
 
Hi.

I have the script installed... It works for every domain except for ONE...

I am getting the error:
Failed: 404 Not Found

but the URI is being typed correctly.

any suggestions?
 
New Version

I have posted a new version of the Shared SSL Installer.

You can get it by downloading it using the same link.
http://hosting.vsourse.com/downloads/shared_ssl_installer

If you already have the old version installed, remove the secured domain in plesk then run this installer just like the last time.

If you do not have it installed, simply install it as indicated earlier in this posting.

(Improvements)
It now supports common internet mime types like pdfs, word documents, excel spreadsheets and various image types. Before, it you tried to download a word document through SSL, you would just get garbage.

A bug was discovered in the script. This bug would store information from the last session and (in certain situations) it would release that info again. This can (in rare cases) turn out to be a security risk. The bug has been fixed.
 
It seems to work now :)

THANKS!!!!

I am having another issue...

I have a site with xcart and at the end of the "cart" (during checkout)

I get a "Failed: 302 Found"

I think there may be to many redirects...

I'm not sure though... I have been trying to modify the config for Apache with no success.

Any suggestions?
 
Sorry

Sorry. The Script cannot (yet) handle redirects.

What's happening is that the apache server is sending a redirect code (302) which in normal cases tells the browser to go elsewhere. The Shared SSL script does not recognize the code and therefore outputs the error.

I am not familiar with x cart but it sounds to me like it has something to do with the x cart software. Maybe there is a way that you could change this redirect into an apache rewrite rule.
(I am just giving suggestions).


There are several other features that this script cannot handle but, whenever I have some spare time, I try to work on solutions. Some of the features not handled are cookies, password protected directories, special apache codes such as the formentioned 302 redirect.

Good news is that the new version now handles several common mime types and can therefore output word documents, excel spreadsheets, pdf documents, and more.
 
I've installed this script and it is working only for domains with its physical hosting under a Shared IP. There is one domain that keeps giving me this error:

Failed: 500 Connect failed: connect: Connection refused; Connection refused

I tried to switch that over to a Shared IP, restarted Apache and I still got the same error. What could be the cause of this?
 
Hello,

When I run this script, the first thing it asks is: Do you agree.. your own risk...? And I can't seem to answer it correctly.

I've tried Yes, yes, YES, y, Y, and <Enter> - but nothing works, it just keeps exiting the installer..

Any ideas?

Thank you,
Jeff Homan
 
Here is another method using mod_rewrite to access https://secure.yourdomain.com/theirdomain.com/

First add secure.yourdomain.com to Plesk (as a domain, not a subdomain).

in /home/httpd/vhosts/secure.yourdomain.com/conf place these

vhost.conf:

Code: 
RewriteEngine on

RewriteCond     %{HTTPS}        off
RewriteRule     (.*)            https://%{HTTP_HOST}%{REQUEST_URI} [R]
(redirects all non-HTTPS requests to HTTPS)

vhost_ssl.conf:
Code: 
SSLProxyEngine  on
SSLProxyVerify  none

RewriteEngine   on
RewriteMap      lowercase int:tolower

RewriteCond     /home/httpd/vhosts/${lowercase:$1}      -d
RewriteRule     ^/([^.]+\.[^\/]+)(.*)                   https://${lowercase:$1}$2 [P]
(enables Apache SSL proxy engine, tests /home/httpd/vhosts/theirdomain.com exists and proxies the request through to https://theirdomain.com/ internally.

then execute
Code: 
/usr/local/psa/admin/sbin/websrvmng --vhost-name=secure.yourdomain.com
 
Big question about the Shared SSL and files outside the web root

I've installed this Shared SSL and it's working fine, so long as the website I'm securing doesn't have files outside the webroot. Then I get an open_basedir restriction. Here's the information:

---

domainA.us is the domain my SSL is installed on and domainB.com is the domain that needs to be secured.

https://www.domainB.com works fine, BUT if domainB references files outside its web root, I get errors.

http://www.domainB.com has its open_basedir set to:
/home/httpd/vhosts/domainB.com (which is correct)

BUT https://domainA.us/domainB.com has its open_basedir set to:
/home/httpd/vhosts/domainB.com/httpdocs (NOT correct)

I have gone into the vhost.conf AND vhost_ssl.conf files for domainA.us and inserted the following but it hadn't had an effect:
<Directory "/home/httpd/vhosts/domainA.us">
php_admin_value open_basedir /home/httpd/vhosts/domainB.com:/tmp
</Directory>

<Directory "/home/httpd/vhosts/domainB.com">
php_admin_value open_basedir /home/httpd/vhosts/domainB.com:/tmp
</Directory>

---

It seems that no matter what I do, I can't get the secure domain to set PHP's open_basedir value correctly. Any idea what I might be doing wrong? Do different rules apply when using this SSL?
 
New URL to get the Shared SSL Installer

I realized that we haven't had the shared SSL Installer available for a while. This is because we are now at http://www.vsoursehosting.com

Step 1:
SSH Into Your Server as root

Step 2:
Type the following (excluding the # sign)
# wget http://www.vsoursehosting.com/downloads/shared_ssl_installer

Step 3:
Type the following (excluding the # sign)
# perl shared_ssl_installer

Step 4: Follow the instructions and you are setup.

That's IT.


If there are any questions, please email to [email protected] I will be happy to help you.
 
I used this script on a version 8.2 Linux install with a few minor issues:

1. The script referenced a previous Web Home directory instead of /var/www/vhosts/ which I corrected manually, and
2. The script makes a call to Plesk to create the Domain and the call is not complete - I had to create the domain manually, then run the script, and
3. The sharedssl.pl script that the script relies on also references the previous Web Home which I changed manually.

All in all the solution runs beautifully for us!

Regards,

Al Ponte
Sarandipity Sentiments
 
You must log in or register to reply here.

Similar threads

Hangover2
Forwarded to devs SSL It! breaks renewal and usage of Let's Encrypt wildcard certificates when subdomains are involved
2
Replies
28
Views
5K
marcoherzog
M
Oscar Segura
Issue Upgrading from Ubuntu 20.04 to 22.04: failed reboot
Replies
0
Views
923
Oscar Segura
Oscar Segura
P
Question PHPMailer, DKIM, and Plesk
Replies
2
Views
472
Kaspar
K
eric91611116
Issue First trial with SSL certificate / Authorization for the domain failed.
Replies
1
Views
1K
Peter Debik
P
K
Forwarded to devs Environment variable for DNS related update events always passes new domain back
Replies
2
Views
308
Peter Debik
P
Back
Top