1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

SSL on shared IP

Discussion in 'Plesk 10.x for Linux Issues, Fixes, How-To' started by Vipa, Nov 16, 2010.

  1. Vipa

    Vipa New Pleskian

    22
    57%
    Joined:
    Jan 22, 2007
    Messages:
    14
    Likes Received:
    0
    Hi,

    it seems like SSL certificates are not handeled correctly on shared IPs.

    I got several domains and one IP, one of my domains is a webshop which needs a working SSL certificate, so up until now I installed this certificate for the IP and it worked. After updating to Plesk 10.0.1 there is another (wrong) certificate installed for the IP which I can't change as it seems. Or better I can change it in plesk and it is shown correctly in plesk, but if i go to the domain another certificate is used...


    I have set the certificate under Start > Server Tools > Ip Adresses

    If I go to Websites & Domains > Web Hosting Settings of one of the domains using this shared IP, the correct SSL certificate is shown.

    But if I go to the domain (by browser https://...) the certificate which is used is a total different one. It is a Plesk generated/expired one.


    This one is crucial, as the shop is more or less out of order, as long as the wrong cert is used.

    Thanks for your help.


    -----------------------------------------------------------------
    Plesk, 10.0.1, Linux, Ubuntu 8.04.4, 64bit
     
    Last edited: Nov 16, 2010
  2. Vipa

    Vipa New Pleskian

    22
    57%
    Joined:
    Jan 22, 2007
    Messages:
    14
    Likes Received:
    0
    No one with any ideas on this one?
    Or was I too unclear? If so, please let me know.
     
  3. ugr|dual

    ugr|dual New Pleskian

    22
    57%
    Joined:
    Jan 30, 2009
    Messages:
    18
    Likes Received:
    0
    normally you would need a dedicated ip for ssl to work.

    but your approach is ok - have the certificate in plesk (server, not in web hosting!) and assign it to the ip.

    make sure you don't have any ssl stuff in the web hosting section.

    this way the certificate weill work füpr every domain on the ip. however, only the one it was made for will give no error when used with ssl.
     
  4. Vipa

    Vipa New Pleskian

    22
    57%
    Joined:
    Jan 22, 2007
    Messages:
    14
    Likes Received:
    0
    Thx for your reply,
    that is exactly what I did.
    And it worked on 9.5.3 but on 10.0.1 it isn't working.

    Plesk is always using this selfsinged/expired certificate instead of the one I selected for the IP.
    And in the webhosting section I can't change the certificate, because there is no dropdown for a domain
    on a shared ip, but it shows the certificate I selected for the IP.
    So in the admin interface everything looks perfectly fine.
    But it still uses the wrong one.
     
  5. Vipa

    Vipa New Pleskian

    22
    57%
    Joined:
    Jan 22, 2007
    Messages:
    14
    Likes Received:
    0
    Issue is fixed now.

    It was due two files, which haven't been removed during update for some reason.

    /etc/apache2/conf.d/zz001_horde_vhost.conf
    /etc/apache2/conf.d/zz001_atmail_vhost.conf

    removing them and rebuilding configuration totally fixed it.

    usr/local/psa/admin/sbin/httpdmng --reconfigure-all
     
  6. Techforce

    Techforce Guest

    0
     
    Thank you for posting this, I have same problem. Will try.
     
  7. oerlemans

    oerlemans New Pleskian

    22
    73%
    Joined:
    May 18, 2006
    Messages:
    23
    Likes Received:
    0
    I have same problem but this solution is not working for me.
     
  8. DiagonalR

    DiagonalR New Pleskian

    10
     
    Joined:
    Jan 29, 2013
    Messages:
    1
    Likes Received:
    0
    we are getting SSL certificate only for our domain or sub-domain then why IP matters here
     
  9. Hostasaurus.Com

    Hostasaurus.Com Regular Pleskian

    30
    68%
    Joined:
    Oct 8, 2009
    Messages:
    465
    Likes Received:
    8
    The issue you all might be experiencing is the support in Plesk 10+ for SNI in Apache if the version of Apache installed has that feature. SNI allows a browser to inform the server of what site it plans to request prior to the SSL connection being established. So, in Plesk 10, if you have an SSL installed at the site level on a shared IP, it will only work correctly if you're using an SNI-capable browser. Alternatively, if you've installed an SSL on the shared IP with the intent that it be used for all the sites on that IP, such as a shared SSL, that will not work correctly unless you also install it at the site level and assign it.

    If you do the install at the IP level and a browser that doesn't support SNI accesses the site, it will work correctly. However, if you are trying to use unique SSL's on each site and the browser doesn't support SNI, or the server doesn't support SNI, that will never work correctly. Since a lot of older browsers are still out there, you're basically stuck using unique IP's for each unique SSL-based site, for at least probably a couple more years.
     
Loading...