Wrong SSL being assigned to a domain when changing the sites IP address
My server provider recently requested I change my IP ranges. I was provided with new IP addresses and I imported these into WHM.
I then changed the main IP address used by Cpanel within the basic web host setup.
I know I have the option of using IP migration, but I am keen to change each website one at a time so I can spot any errors as they occur rather than having to potentially debug lots of issues at the same time.
I have been going through the "account list" and clicking the "+" sign next to the account. I then click the "Change IP Address" button. select the new shared IP and save it.
If I then refresh the website being "switched" I get an SSL error. When I try and view the certificate it is the wrong certificate. The cert being displayed is for another domain on the system. It is always the same domain cert that ends up being displayed in error on domains as I change their IP.
The strangest part is it does not affect all domains, only some and I can't see any rationale or reason for only some to be affected.
I am a bit lost over this one and any advice or guidance would certainly be most welcome.
Thanks in advance.
-
Hey there! That makes sense to me, as there is likely a brief period where the DNS for the site and Apache are out of sync. This causes Apache to load whatever vhost it thinks is the best response, which will be the first secure vhost on the system. You can work around this issue by setting up a default SSL vhost using the following guide: 0 -
Thank you for your reply. I suspect you are right about it being due to DNS. I tested with some of my own sites (as opposed to clients) and within an hour they were resolving fine and using the correct SSL. One thing that is strange... The initial SSL that was being incorrectly shown was from one of my reseller clients. They no longer hosted the site and their client had moved to Ionos. The webspace was still present and Auto SSL was still enabled (with no site) Technically there was no SSL being installed because the domain didn't resolve to the server. I simply disabled auto SSL for that domain, uninstalled the certificate and that prevented that SSL from being presented. Very odd that it would try and show an SSL for a site that doesn't even resolve to the server. Now the SSL being shown in error Is another client of a different reseller. This time the DNS does resolve to us and the site is a holding page. As I mentioned before the issue resolves itself within the hour so I am just doing it late into the night so it doesn't effect clients. 0
Please sign in to leave a comment.
Comments
2 comments