When changing IP address for domain/account, SSL no longer works?
I've spent a week troubleshooting this problem.
where 55.555.2.250 is my root IP.
The above IPs are the /28 subnet. These are the IPs I'm trying to use for the other domains.
Where 55.555.2.249 is the gateway for the /30 subnet of the root IP.
Where the UUID is the correct one, `xxxx` was used as a placeholder. Old DNS A record:
New DNS A record:
After restarting httpd, doing `rebuildinstalledssldb` and `buildhttpdconf`, and restarting server, the server is serving the SSL certificate for `host.domain.com` which is the hostname of the server (resulting in a "`not trusted, we couldn't identify since the SSL is for host.domain.com and not example.com`", despite the certificate for `example.com` being successfully installed on the server. But, if I change the IP for `example.com` back to the root IP `55.555.2.250`, then the correct and valid SSL certificate is served and the website goes back to the green "Trusted". How to solve this problem?
- fresh server install.
- one /30 subnet as root ip, and one /28 subnet installed.
- all has been running for a week, so propagation is not the issue.
- ipv4
- Attempts to delete all certificates for that domain and install a new one (valid let's encrypt cert) have no effect, the new certificate is also not being served.
- Attempts to delete all certificates from the server does not work, it still shows the server certificate on the "insecure" page when visiting the site (instead of the domain's cert).
- restarting server, httpd, and rebuildinstalledssldb and buildhttpdconf all have no effect.
# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
55.555.2.250 host.domain.comwhere 55.555.2.250 is my root IP.
# cat /etc/ips
55.555.7.79:255.255.255.240:55.555.7.93
55.555.7.80:255.255.255.240:55.555.7.93
55.555.7.81:255.255.255.240:55.555.7.93
55.555.7.82:255.255.255.240:55.555.7.93
55.555.7.83:255.255.255.240:55.555.7.93
55.555.7.84:255.255.255.240:55.555.7.93
55.555.7.85:255.255.255.240:55.555.7.93
55.555.7.86:255.255.255.240:55.555.7.93
55.555.7.87:255.255.255.240:55.555.7.93
55.555.7.88:255.255.255.240:55.555.7.93
55.555.7.89:255.255.255.240:55.555.7.93
55.555.7.90:255.255.255.240:55.555.7.93
55.555.7.91:255.255.255.240:55.555.7.93
55.555.7.92:255.255.255.240:55.555.7.93The above IPs are the /28 subnet. These are the IPs I'm trying to use for the other domains.
# cat /etc/sysconfig/network
# Created by anaconda
HOSTNAME=host.domain.com
GATEWAY=55.555.2.249Where 55.555.2.249 is the gateway for the /30 subnet of the root IP.
# cat /etc/sysconfig/network-scripts/ifcfg-eno1
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="eno1"
UUID="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx"
DEVICE="eno1"
NM_CONTROLLED="no"
ONBOOT="yes"
IPADDR="55.555.2.250"
PREFIX="30"
GATEWAY="55.555.2.249"
NETMASK="255.255.255.252"
IPV6_PRIVACY="no"
DNS1="8.8.8.8"
DNS2="8.8.4.4"Where the UUID is the correct one, `xxxx` was used as a placeholder. Old DNS A record:
www.example.com IN CNAME example.com
example.com IN A 55.555.2.250New DNS A record:
www.example.com IN CNAME example.com
example.com IN A 55.555.7.81After restarting httpd, doing `rebuildinstalledssldb` and `buildhttpdconf`, and restarting server, the server is serving the SSL certificate for `host.domain.com` which is the hostname of the server (resulting in a "`not trusted, we couldn't identify since the SSL is for host.domain.com and not example.com`", despite the certificate for `example.com` being successfully installed on the server. But, if I change the IP for `example.com` back to the root IP `55.555.2.250`, then the correct and valid SSL certificate is served and the website goes back to the green "Trusted". How to solve this problem?
-
If cpanel doesn't work and the support doesn't reply for days, then I don't see the point of renewing my cpanel license for forty-five dollars per month next month. I'm going to go check out directadmin, maybe their panel works and maybe they actually have a support staff. 0 -
I feel the need to set expectations for the community forums. At no point are you guaranteed a response in a specific amount of time here. This is a community-driven forum. In the event you need immediate assistance I would implore you to open a ticket where our staff is present 24 hours a day 7 days a week. We do not make that same guarantee here and issues requiring immediate attention should be directed to our ticket system. I will take a look at your issue today but I will not guarantee the time, if you'd like to open a ticket let us know here and we'll update the ticket with your notes here. 0 -
I feel the need to set expectations for the community forums. At no point are you guaranteed a response in a specific amount of time here. This is a community-driven forum. In the event you need immediate assistance I would implore you to open a ticket where our staff is present 24 hours a day 7 days a week. We do not make that same guarantee here and issues requiring immediate attention should be directed to our ticket system. I will take a look at your issue today but I will not guarantee the time, if you'd like to open a ticket let us know here and we'll update the ticket with your notes here.
Thanks. looking forward to your reply. Additional items found is that when on another ip, it does to the defaultwebpage. And, in fact, if, in SSH, I do the command, "links 127.0.0.1", it also gives the defaultwebpage error in the SSH window. The defaultwebpage by the way is ridiculously annoying because it caches in the web browser and I know that cpanel does not have a way to reject the request to a 500 error (MUCH more preferable) instead of sending to the defaultwebpage which caches in user's browsers causing those visitors to never see your website again even after fixing, since most people don't know how to clear cache. BUT, that's another topic for another day.0 -
Hi @linuxserver How are you changing the site's IP address? cPanel/WHM expects you to do this through WHM>>Account Functions>>Change Site's IP address or WHM>>Multi Account Functions >>Change Multiple Sites' IP Addresses as it automatically updates references to the site/IP throughout the server, including the VirtualHost. From what I'm seeing from your responses it looks like you're changing the A record only - this would definitely cause the default site page. Something to keep in mind: 0 -
Hi @linuxserver How are you changing the site's IP address? cPanel/WHM expects you to do this through WHM>>Account Functions>>Change Site's IP address or WHM>>Multi Account Functions >>Change Multiple Sites' IP Addresses as it automatically updates references to the site/IP throughout the server, including the VirtualHost. From what I'm seeing from your responses it looks like you're changing the A record only - this would definitely cause the default site page. Something to keep in mind:
0 -
I think it'd be best if you opened a ticket, that way there won't be any further confusion about what's already been done. You can use the link in my signature to get instructions on how to open a ticket. Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved. Thanks! 0
Please sign in to leave a comment.
Comments
6 comments