Problem with multiple IP-Addresses and SSL

[Benni]

Hi there,

I'm quite new to all of this, so please be patient

I've just set up a new Ubuntu 14.04 Server with Plesk 12 (hosted by Strato) and added a second IP-Address.

In this case, the primary IP-Address is: 12.345.678.901

The Server is running with nginx reverse proxy activated. Now when it comes to ssl encryption for my domains, all domains on the second IP work as expected. But if I try to access any domain on the primary IP (doesn't matter if the domain is protected by a bought certificate or a self signed) the browser throws the error ERR_CONNECTION_CLOSED and the nginx log says the following:

[error] 4327#0: *8 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 123.456.789.012, server: 12.345.678.901:443

There's no entry in the apache log-files for that event.

If I switch the domain to the other IP everything is working as expected.

What can I do to fix this and why does this error appear?

Thank you in advance.

Best Regards
Benni

 

[UFHH01]

Hi Benni,

please see the cause and the resolution suggested at this KB - article: http://kb.odin.com/124771

 

[Benni]

Hi Benni,

please see the cause and the resolution suggested at this KB - article: http://kb.odin.com/124771

Hi,

I created a new certificate like described in the first step. As Domain I entered my own, not the server domain. I think that should be right.
But I can't use this certificate like described in Step 2. The list shows only the default one and not the new one.

 

[UFHH01]

Hi Benni,

you will notice, that there are several ways to create a NEW certificate.
One way is to create a server certificate over: Home -> Tools & Settings -> SSL Certificates
Another way is to create a subscription certificate at: Home -> Subscriptions -> subscription.tld -> Websites & Domains> domain.tld => Hosting settings => SSL

SERVER certificates can be assigned for a specific domains and for specific IPs, but if you create a certificate in your subscription SSL - settings, these certificates can only be used in the very same subscription and for the very specific IP.

Please test BOTH options, to see the differences and if it doesn't work the first way... just delete the just created certificate and start over again. In germany we have a saying called: "Practice creates masters". Test as well the option to assign a server certificate for one of your IPs ( "Home -> Tools & Settings -> IP Addresses" ), please, so you get used to all kinds of possible certificates assignements.

 

[Benni]

Hi,

thank you for the detailed description. I'm quite sure I have allready tried all these ways without any success :/ I'll try it again and post every way and the result of it here.

But I've got not to much hope that this will help :/ I'll write again when I'm done with testing.

"Übung macht den meister" hoffen wir mal das dass hier auch klappt

 

[Benni]

Hi,

so I think I tried every possible way. I even reinstalled the Server before testing. Still no success. That where my steps

1. login as admin -> home -> clients -> new one with subscription "unlimited" and domain.com
2. At the moment there is only one IP Adress 11.11.11.11
   
3. domain.com works, https://domain.com works too.
   
4. Tools & Settings -> IP-Addresses -> add -> 22.22.22.22, shared, default certificate
   
5. domain.com works, https://domain.com throws ERR_CONNECTION_CLOSED
   
6. Clients -> client -> domain.com -> add new domain -> domain2.com -> hosting access -> IP -> 22.22.22.22
   
7. domain2.com works, https://domain2.com throws ERR_CONNECTION_CLOSED
   
8. home -> tools & settings -> ssl certificates -> add (domain *.domain.com and self signed. name = self signed 01) -> set this as default
   
9. home -> tools & settings -> ssl certificates -> add (domain *.domain2.com and self signed. name = self signed 02)
   
10. home -> tools & settings -> ip addresses -> asigned both self signed certificates to the matching ips
    
11. domain2.com works, https://domain2.com throws ERR_CONNECTION_CLOSED
    
12. Clients -> client -> domain1.com -> hosting access -> IP -> 11.11.11.11
    
13. domain.com works, https://domain.com throws ERR_CONNECTION_CLOSED
    
14. Clients -> client -> domain1.com -> hosting settings-> ssl certificate -> self signed 01
    
15. domain.com works, https://domain.com throws ERR_CONNECTION_CLOSED
    
16. home -> tools & settings -> ssl certificates -> self signed 02 -> set this as default
    
17. Clients -> client -> domain2.com -> hosting access -> IP -> 22.22.22.22
    
18. Clients -> client -> domain2.com -> hosting settings-> ssl certificate -> self signed 02
    
19. domain2.com works, https://domain2.com throws ERR_CONNECTION_CLOSED
    
20. Clients -> client -> domain2.com -> secure website -> add (domain = domain2.com) -> self signed
    
21. Clients -> client -> domain2.com -> hosting settings-> ssl certificate -> domain 02
    
22. domain2.com works, https://domain2.com throws ERR_CONNECTION_CLOSED
    
23. Clients -> client -> domain1.com -> hosting access -> IP -> 11.11.11.11
    
24. Clients -> client -> domain1.com -> secure website -> add (domain = domain1.com) -> self signed
    
25. Clients -> client -> domain1.com -> hosting settings-> ssl certificate -> domain 01
    
26. domain1.com works, https://domain1.com throws ERR_CONNECTION_CLOSED
    
27. Clients -> client -> domain1.com -> hosting settings -> disabled ssl -> save
    
28. Clients -> client -> domain1.com -> hosting settings -> enabled ssl -> save
    
29. domain1.com works, https://domain1.com throws ERR_CONNECTION_CLOSED

I know instead of switching the IP under hosting access it probably would have been faster to create a new subscription.
Anyways... did I forget something or did anything wrong? Cause it's still not working ... :/