0

I have full server control (WHM, CPanel, CentOS 5). I set up a sub domain in CPanel.

Now, a very odd problem to me. http://subdomain.site.com is properly going to its root path and displaying as such.

However, https://subdomain.site.com, although the url remains looking just like that, displays the content from the path linked to www.site.com. Has anyone seen behavior like this? If so, what could the culprit be?

I'll need some somewhat detailed responses if I'm going to be editing anything in WHM or via SSH as root - I want to be very careful I don't mess anything up...and this is semi new to me.

Thanks!

update:

Apache Server!

Shackrock
  • 208
  • 6
  • 16
  • 2
    Could you, please write at least the webserver, you are using: (apache, nginx)? Didn't you forget that a website for "http" and for "https" are different virtual hosts? May be it is worth posting some configuration files? – HUB Jul 19 '11 at 14:46
  • Agreed HUB, we need more info. If you are using Apache you should be able to add the subdomain to the httpd.conf or create its own .conf for it and reload apache. cPanel should have let you set the doc root during the subdomain setup, however, it is not difficult to manually add this. – Chase Jul 19 '11 at 16:58
  • @HUB sorry, Apache! I really don't feel comfortable posting config files... – Shackrock Jul 19 '11 at 23:40
  • @Chase Indeed I did set the doc root for the subdomain. That is why subdomain.site.com works fine. However it's the HTTPS that redirects incorrectly... so I assume I do need to get into the conf files, I just have no idea where to find them, what to edit/add... – Shackrock Jul 19 '11 at 23:41
  • @Shackrock ssh to your server and the Apache configs are located in /etc/httpd/conf/httpd.conf Just create a virtual host for yoursite.com:443 as opposed to :80. you will need to reference the SSL cert in your config as well if you want it to be trusted. – Chase Jul 22 '11 at 16:19
  • @chase IN httpd.conf, all of the virtual hosts are say: `# DO NOT EDIT. AUTOMATICALLY GENERATED. IF YOU NEED TO MAKE A CHANGE PLEASE USE THE INCLUDE FILES.` ... so I am scared to edit... – Shackrock Jul 23 '11 at 13:12
  • I think you will be okay if you edit the .conf, however, use vi and search for includes (/includes) which should be the conf.d directory. But you should be fine adding it in either place. I will test on my cPanel Server today when I get a chance and let you know – Chase Jul 25 '11 at 15:18

2 Answers2

2

It's a common limitation of Apache/SSL using standard SSL certificates (you can avoid this using wildcard or multi-domain certs as Shane mentioned above)

Since everything is encrypted, Apache doesn't know what is the host header, so he doesn't know which certificate to load.

The first/default vhost binded to the IP of www.site.com (Which is most likely shared with subdomain.site.com) will be used.

You need to use a dedicated IP for each SSL vhosts.

poilache
  • 36
  • 2
  • 2
    What about server name indication? Or lacking that, how about wildcard or alternate name certificates? – Shane Madden Jul 19 '11 at 15:40
  • SNI is still not the answer because people are still using IE6 (duh!) and some browser may be incompatible. A wildcard certificate is only a way to not buy a cert for each subdomains you have. You'll still need to use a different IP for each one of them. – poilache Jul 19 '11 at 15:46
  • 2
    That's not the case at all. SNI gets you the ability to present a different cert based on which host is being requested - but if you can present the same cert for all hosts on an address (with a wildcard or alternate name cert), then normal old host headers, happening after SSL negotiation, work just fine. For instance, check out the IP addresses and certificates on www.verisign.com vs www.verisign.net; same IP, same cert, different content (.net spits out a redirect, while .com serves a page). – Shane Madden Jul 19 '11 at 16:25
  • Correct me if I'm wrong. The redirect doesn't mean the content/webroot is different, even if you get a 301. e.g : `RewriteRule (.*) https://www.verisign.com/$1 [R=301,L]` can be added to the vhost configuration. – poilache Jul 19 '11 at 18:38
  • 1
    Sure, but you can pretty much say that about anything that you do with a virtual host. I am telling you that it's the case, that I have run dozens of SSL virtualhosts on a single IP with a wildcard cert without SNI. – Shane Madden Jul 19 '11 at 18:51
  • 1
    Right on, +1. (more characters) – Shane Madden Jul 19 '11 at 20:11
0

From what I understand you can only have one SSL per cpanel, the way around this seems to be to have a wildcard SSL certificate

Take a look at these

http://regx.dgswa.com/html/content/howto-setup-a-wildcard-ssl-cert-cpanel-whm-running-apache-2

http://forums.hostgator.com/ssl-subdomain-t75423.html

Phil Eddies
  • 356
  • 1
  • 8