• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Shared SSL for Linux

G

grundy

Guest
Hi All

I know this question has been asked before, and I have searched for a solution both here and using Google but I could just do with getting other opinions before I embark on this.

I have a Redhat server with Plesk 9.3, I need to setup a single SSL protected domain and allow many other domains on the same server to use its certificate for encryption. I have seen that Plesk for Linux does not support shared SSL via the panel, and I have also seen that it may be possible to do this using symlinks or possibly mod_rewrite. The sites that need to access the SSL protected domain are all PHP running as FastCGI, if possible I'd simply like the URL's to be like:

https://ssl_domain.com/non_ssl_domain.com/

Is this possible using symlinks? And if not can anybody briefly explain why not?

As mentioned above I'd really just like somebody's opinion who has tried to do this before. What is the best approach to take to achieve this? Would a wildcard certificate and subdomains be a better idea?

I've setup a few dedicated SSL's using Plesk, so I know about unique IP's etc. just never had to setup something like this.

Any help, pointers or links are greatly appreciated.

Thanks
 
It should work with multile SNI as I know, just in Lighthttpd of PLESK is not enabled. I have asked for this, but dunno if they will enable or not in the future.
 
Thanks lvalics

Have to admit I wasn't aware of SNI, but from what I've been reading it doesn't appear to be an option.

I'm going to try the symlink route first, this is what I'm thinking:

1. Create a single SSL enabled domain on its own IP.
2. Create directories on the SSL domain for each of the other non-SSL domains.
3. Create symlinks between theses new directories and the httpsdocs directory for each domain.
4. Change ownership of each of the new directories to the ftp user of each domain.
5. Add allow follow symlinks to a vhost_ssl.conf for each domain.

Am I on the right track here? I'm a bit unclear on how the permissions need to be set to keep each users directory secure, but I intend to give this a try tomorrow to find out.

I think the above *should maybe* work.

Anybody able to tell me where I'm going wrong with the above thinking?

Thanks again.
 
You must log in or register to reply here.

Similar threads

P
Resolved PLESK 18.0.60 Problems to configure mails / Certificates, etc.
Replies
8
Views
759
mow
M
M
Resolved Error SSL Cert for email
Replies
7
Views
658
mihaitiberiu
M
R
Issue SSL/TLS cert for mail server not updating (Lets Encrypt)
Replies
2
Views
889
tessa67
T
LionKing
Issue Cloudflare's proxy function and SSL certificates
Replies
16
Views
894
LionKing
LionKing
K
Question How do I restore an SSL Certificate on a different server?
Replies
4
Views
1K
Kroptokin
K
Back
Top