0

We have a number of sites on this dedicated server. Pages from one site are showing up on another site. Example:

  • clientsite1.com (right site, no SSL installed)
  • clientsite2.com (forwards to SSL, shows right site)
  • clientsite1.com (no SSL installed, WRONG site, shows clientsite2 after "untrusted connection" message)

Now I'm in WHM and this is what I see: http://i.imgur.com/GOBRuWa.jpg

The one that says "Is primary website on IP address?" is the one that's showing up improperly across all non-SSL domains. I am assuming this is because the OTHER domain on our IP address has "Web SNI" enabled, which apparently allows you to use multiple certificates on one IP?

To fix this problem, would someone confirm these steps please?

  1. Get each site on own dedicated IP.
  2. Delete the SSL host for each site in WHM.
  3. Re-add the SSL host for each site in WHM, with new dedicated IP address.

Or I can somehow also enable "Web SNI" for the domain that is currently showing improperly? Not sure how to do that, but I'll look it up if someone can confirm it will fix the problem.

I found another question on here with this comment but I'm not sure if it applies to my situation: "... at least on Apache a properly setup name-based virtualhost should display the correct content, even with SSL (I've used this myself). You'll get the "this is a bogus cert" warning, but if the client accepts the cert, the client will still send the Host header to the server, which Apache should use to select a VirtualHost block and show the correct content, not someone else's site." Is that the case here? If this is the case, what can I say to my webhost that will make them understand (and fix!) the problem?

Community
  • 1
K. W.
  • 13
  • 2
  • [Administration panels are off topic](http://serverfault.com/help/on-topic). [Even the presence of an administration panel on a system,](http://meta.serverfault.com/q/6538/118258) because they [take over the systems in strange and non-standard ways, making it difficult or even impossible for actual system administrators to manage the servers normally](http://meta.serverfault.com/a/3924/118258), and tend to indicate low-quality questions from *users* with insufficient knowledge for this site. – HopelessN00b Apr 01 '15 at 18:41
  • Sorry and thanks -- is there somewhere else I can post this where it'd fit better? – K. W. Apr 01 '15 at 18:44
  • [Pro Webmasters, maybe](http://webmasters.stackexchange.com/). – HopelessN00b Apr 01 '15 at 18:46
  • @Hopeless are you going to migrate it? I've got an answer already posted against the Q that i'd like left associated if possible. – roaima Apr 01 '15 at 19:31
  • I already reposted to Pro Webmasters but I'll delete if this is migrated? Here's the [link](http://webmasters.stackexchange.com/questions/78794/dedicated-server-issues-with-ssl-and-ips-content-showing-on-wrong-site) to it if that helps. – K. W. Apr 01 '15 at 19:34

1 Answers1

0

Your listed third option is when clientsite1 is accessed via https. The certificate error is because your SSL certificate is (only) for clientsite2. Here are your options:

  1. You want clientsite1 to be accessible via SSL, via a single IP

    • You need a multidomain SSL certificate that has both clientsite1 and clientsite2 listed.
    • Your SSL vHost configuration needs to route by name, just like your non-SSL configuration already does

  2. You want clientsite1 to be accessible via SSL, via multiple IPs

    • You need an SSL certificate for each clientsite1 and clientsite2
    • Your SSL Host configuration can be bound by IP address to the single clientsite1 or clientsite2 (no vHost configuration required)

  3. You don't want clientsite1 to be accessible via SSL

    • Stop accessing clientsite1 via https
    • Use a second IP address to handle clientsite1 so that there is nothing listening on the https port
roaima
  • 1,591
  • 14
  • 28
  • #3 for sure. We don't need clientsite1 accessible via SSL. But us not accessing clientsite1 over HTTPS won't stop Google accessing over SSL (we are getting backlinks etc. for the wrong site). But there are a lot of other sites on that same server -- so we should, instead of moving all those sites onto their own IPs, move clientsite2 (the SSL site) to a dedicated IP? – K. W. Apr 01 '15 at 16:38