A domain on our server is loading the SSL cert of another unrelated domain
One of our sites seems to be having a weird and, so far, unfixable ssl cert problem.. the domain on our server is loading the SSL of another unrelated domain not on our server,
The domain in question has a dedicated IP so its not a SNI / shared IP issue.. as far as we can tell, anyway.
We have deleted and regenerated the SSL cert via WHM (and cPanel) auto ssl manager using Let's Encrypt.. (FYI: the site was just recently moved from a EOL cPanel 110 server, retaining it's previous IP and whatnot.)
The SSL status says its all good, details show it's the Let's Encrypt cert.. but when you load the site, it's still some other domain's cert cache/data/cookies all have been cleared for that domain, no effect.
So... Now what? How do get this fixed?
-
Hey there! I'm not sure if the Forums will be a good candidate to help with this type of issue, since we have to work in hypotheticals and can't share the domain/user/IP address here.
The most likely explanation in a case like this is odd DNS behavior. I'd recommend trying to run this command from another server or your local workstation, if possible, to ensure that domain is connecting to the correct host, as this will show the SSL connection and the IP address at the same time:
curl -v https://domain.com
Just replace "domain.com" with the domain you're working with to run the command.
If you don't find much with that, it would be best to create a ticket so this can be investigated.
0 -
I just tried it and curl reported:
curl : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
At line:1 char:1
+ curl -v https://www.[domain].comSo something in the configuration cPanel did is messed up for this domain. Can't open a ticket as it forces me to use the datacenter's support and they don't want to really help with this, so any other ideas or suggestions?
0 -
You can always purchase your cPanel license directly from us and then you would be eligible for our support. Otherwise you'll likely want to work with a third-party to get the issue resolved as we'll need server access to fix this one.
0 -
You guys have worked tickets on my server's before.. not sure why it won't let me create a new one now..
Thanks for your reply cPRex.. Rawr!
one day this might get fixed.. one day.
0 -
We updated our support guidelines in December so only direct license holders can contact cPanel support. If the license is purchased elsewhere, that provider should be your first contact for support issues, and then they can escalate the problem to us if necessary.
0 -
They don't seem to think it's a cPanel problem.. It happened after moving the site to a new server with the same IP as it had before.. it's the only site in the move that is having an issue like this and I'm 110% stumped as to what to do next.
0 -
Just a couple screenshots showing what' we are seeing. (there are times when it shows the default 404 page too)
connecting to http (unsecured) we get:
connecting to https (SSL secured) this happens:
same for subdomains set up on this domain with one exception; www.subdomain1.domain.com loads it's site (we've never used www. on a subdomain before)
Pretty weird, right?
0 -
Thanks for sharing those. The "Sorry" page is most often caused by a mismatch between the IP address configured in DNS and the IP address configured in the Apache vhost for the domain. Does that seem to be the case with this account?
0 -
No, I've checked both the DNS zone and apache.conf and the IP's match as far as I can tell. Not sure what's happening here at all
<VirtualHost 66.xxx.xxx.89:80>
ServerName [domain].com
ServerAlias ipv6.[domain].net ipv6.[domain].org mail.[domain].com mail.[domain].net mail.[domain].org [domain].net [domain].org www.[domain].com www.[domain]$.. etc
DocumentRoot /home/[username]/public_html
ServerAdmin webmaster@[domain].com
UseCanonicalName Off## User [username] # Needed for Cpanel::ApacheConf
<IfModule userdir_module>
<IfModule !mpm_itk.c>
<IfModule !ruid2_module>
<IfModule !mod_passenger.c>
UserDir disabled
UserDir enabled [username]
</IfModule>
</IfModule>
</IfModule>
</IfModule># Enable backwards compatible Server Side Include expression parser for Apache versions >= 2.4.
# To selectively use the newer Apache 2.4 expression parser, disable SSILegacyExprParser in
# the user's .htaccess file. For more information, please read:
# http://httpd.apache.org/docs/2.4/mod/mod_include.html#ssilegacyexprparser
<IfModule include_module>
<Directory "/home/[username]/public_html">
SSILegacyExprParser On
</Directory>
</IfModule>and so on.. same for ssl :443
would packaging up the account, deleting account in WHM, then restoring it from the packaged tar.gz possibly work, or?? I'm out of ideas here..
0 -
No, I don't think deleting the account would change anything. It's definitely time to create a ticket with your host.
0 -
Ok, desperate attempt; I tried removing it's assigned IPv6 IP and apparently that worked (for us on IPv6 enabled ISPs).. so somehow one of our IPV6 IP's point to or is routing to some random website..
other IPs in the immediate range , i.e. ::1, ::2, etc all work correctly..
The website seems accessible now and I'm not getting reports any longer.. so we'll monitor and go from there.
thanks for all the answers and your time cPRex 🐱🐉Rawwr!!
This whole thing is weird beyond anything I've seen before.
0 -
Well that's certainly interesting and not something I would have come up with by guessing over the Forums, but glad you figured that out!
0
Please sign in to leave a comment.
Comments
12 comments