One IP address, many SSL certificates (SNI not working?)
CENTOS 6.5 - WHM 11.44.1 (build 18), so SNI should be supported.
I have one domain (account?) but it needs to serve the same content for six different hostnames (let's call them alpha, beta, gamma, delta, epsilon, zeta). DNS for alpha - zeta will all point to the same IP address (A records, not CNAMEs).
I have six signed SSL certificates, one for each of alpha, beta, ... zeta. I'm told by my ISP that I must use SNI to serve multiple certs on the same IP address, and that WHM can support this. Searching cPanel documentation and official blogs tells me "yes it can be done" but not how.
What I've done so far:
- I have one domain (account?) named "hostname.com"
- I have added six parked domains ("Home » DNS Functions » Park a Domain"), one for each of alpha, beta, ... zeta, all parked on "hostname.com"
- I go to "Home » SSL/TLS » Install an SSL Certificate on a Domain" where I fill in these fields:
  - domain: alpha
  - ip address: xxx.xxx.xxx.xxx ("shared")
  - certificate, key, and certificate authority bundle are entered and validated by the interface

  If I go to "Home » SSL/TLS » Manage SSL Hosts" I see that the certificate is installed, and the 'domains' field shows all of "hostname.com", "alpha", "beta", ... "zeta". The "Needs SNI?" field says "no" and I don't know how to change this.
- I go to "Home » SSL/TLS » Install an SSL Certificate on a Domain" where I fill in these fields:
  - domain: beta
  - ip address: xxx.xxx.xxx.xxx ("shared")
  - certificate, key, and certificate authority bundle are entered and validated by the interface

  If I go to "Home » SSL/TLS » Manage SSL Hosts" I see that the certificate for alpha is gone, and now the certificate for beta is, and the 'domains' field shows all of "hostname.com", "alpha", "beta", ... "zeta". The "Needs SNI?" field says "no" and I don't know how to change this.
-
Hello :) Parked domains cannot have their own SSL certificates because they do not have their own Virtual Host. However, you could configure the domain names as "Addon Domains" and that will allow them to have their own Virtual Host entry in the Apache configuration file. Thank you.
(forums.cpanel.net was giving me blank pages when I tried to post, and cut off the last part when it finally did)
My end result should be:
- has a valid SSL cert, on ip address abc.def.fed.cab, and shows the content for ~user1/public_html
- has a valid SSL cert, on ip address abc.def.fed.cab, and shows the content for ~user1/public_html
- has a valid SSL cert, on ip address abc.def.fed.cab, and shows the content for ~user1/public_html

Before someone tells me I'm asking for the wrong thing: this is one website, with multiple languages, and the hostname is different in different languages. The content is translated by the CMS, documents are in one place and use the same pathnames on-disk.
> you could configure the domain names as "addon Domains"

According to the cPanel documentation:
The main domain appears in the address bar. (addon domain) yes
> This type of domain is ideal for multiple domains that share the same address. (addon domain) No

The content to be served is not in a subdirectory, they're in the same place. All six hostnames with signed SSL certificates must serve the documents in ~user1/public_html . I need "alpha", "beta", etc to appear in the address bar, not "hostname" nor "user1". This is explicitly multiple domain-names using the same IP address, which your documentation says is "not ideal." Furthermore, the documentation
I just tried adding an Addon Domain using cPanel for the domain/account, because I wasn't able to find an Addon Domain feature in WHM.
> Sorry, the domain is already pointed to an IP address that does not appear to use DNS servers associated with this server. Please transfer the domain to this servers nameservers or have your administrator add one of its nameservers to /etc/ips.remotedns and make the proper A entries on that remote nameserver.

I have to configure this before we launch. But cPanel won't let me configure it until after we launch. So does that mean I can't use addon domains for this? I hope I don't need to resort to editing apache configs by hand, because I'm certain that will cause havoc with cPanel as it and I wrestle for control.
I wish I could edit previous posts to wipe out mistakes or typos caused by "connection to forms.cpanel.net timed out"
Found the source of the error in cPanel: I had to
- return to WHM, go to "Home » Server Configuration » Tweak Settings" and change "Allow Remote Domains [x] On".

This is weird because (a) there's already an entry in /etc/hosts for the hostname I'm trying to make an addon domain, pointing to this machine, and (b) there is no DNS A record yet for the hostname, so it shouldn't resolve to anybody else's machine even if cPanel ignores /etc/resolv.conf and /etc/hosts for some reason. "Allow unregistered domains [x] On" was already turned on, but I needed to turn on 'allow remote domains' too.
So I flip those switches in WHM, then
- go to cPanel to "Domains » Addon Domains",
- enter the alternate hostname where it asks for a domain name
- use garbage for username and password
- leave the "Document Root" as default, because I want it NOT to destroy files that are already there.
- click "add domain"
- click "go back"
- find the new addon domain in the table at the bottom of the page
- click on the pencil-and-envelope icon in the Document Root column, and change it to '/public_html'.
- Then go back to WHM, "Home » SSL/TLS » Install an SSL Certificate on a Domain",
- type in the name of the addon domain,
- explicitly select the IP address,
- paste in the site's *.crt file, the *.key file, and the intermediate *.crt.
- click "install"

I think I've got it now, but what I've done seems to contradict what I've read in official documentation. It seems Addon Domains *don't* make the main domain appear in the address bar, and *do* work well for multiple domain-names that share the same IP address.
> I think I've got it now, but what I've done seems to contradict what I've read in official documentation. It seems Addon Domains *don't* make the main domain appear in the address bar, and *do* work well for multiple domain-names that share the same IP address.
Right, addon domain names should be suitable for your requirements. The primary domain name associated with the account does not appear in the address bar and you can update the document root to the public_html directory itself. Thank you.
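
The difference the replies describe, sketched as Apache 2.2-style configuration. This is an added illustration, not part of the thread and not the configuration cPanel generates; the IP address (a documentation address), the `.example` hostnames and all file paths are placeholders.

```apache
# Illustrative sketch only. Every address, hostname and path is a placeholder.
# The two layouts are alternatives; do not load both at once.

# --- Layout A: parked domains -------------------------------------------
# The extra names are aliases on the main domain's single virtual host.
# A vhost carries one certificate, so installing a certificate for "beta"
# replaces the one installed for "alpha" (the behaviour seen in the thread).
<VirtualHost 192.0.2.10:443>
    ServerName  hostname.com
    ServerAlias alpha.example beta.example
    DocumentRoot /home/user1/public_html
    SSLEngine on
    SSLCertificateFile    /path/to/single.crt
    SSLCertificateKeyFile /path/to/single.key
</VirtualHost>

# --- Layout B: one virtual host per name (what addon domains allow) ------
# Apache 2.2 needs this directive for name-based vhosts; 2.4 does not.
NameVirtualHost 192.0.2.10:443

# With SNI, Apache selects the vhost, and therefore the certificate, from
# the server name the client sends in the TLS handshake.
<VirtualHost 192.0.2.10:443>
    ServerName alpha.example
    DocumentRoot /home/user1/public_html
    SSLEngine on
    SSLCertificateFile      /path/to/alpha.crt
    SSLCertificateKeyFile   /path/to/alpha.key
    SSLCertificateChainFile /path/to/intermediate.crt
</VirtualHost>

# Same IP, same port, same DocumentRoot, different name and certificate.
<VirtualHost 192.0.2.10:443>
    ServerName beta.example
    DocumentRoot /home/user1/public_html
    SSLEngine on
    SSLCertificateFile      /path/to/beta.crt
    SSLCertificateKeyFile   /path/to/beta.key
    SSLCertificateChainFile /path/to/intermediate.crt
</VirtualHost>
```

Before DNS points at the server, `openssl s_client -connect 192.0.2.10:443 -servername alpha.example` shows which certificate is returned for a given name. Clients that do not send SNI receive the certificate of the first vhost defined for that IP and port.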