trouble with setting up SSL for subdomain

tincboy

I've hosted a domain with DirectAdmin, which has a subdomain on the same account with the name my.domain.com.
I've bought an SSL certificate for that subdomain and I've installed the certificate on that account successfully, but opening https://my.domain.com still loads the old SSL certificate, which is issued by localhost.
Any help on how to set up an SSL certificate for subdomains without separating its account from the parent domain?

Regards
 
Hello,

Why do you say that you've installed the cert successfully if the site still opens with a self-signed SSL cert? I'd rather not say that. So provide the steps you followed, or reinstall the cert (http://www.site-helper.com/ssl.html) and make sure to restart Apache.

By the way, is my.domain.com added as a sub-domain? Or as a regular domain?
 
As far as I know there is no official way to install an SSL cert for a sub-domain. At admin level, go to the custom httpd configuration page in DirectAdmin and post the virtualhost section for the sub-domain here, so we can check it.
 
Here is my httpd conf:
Code:
# Auto generated apache config file by DirectAdmin version 1.40.1
# Modifying this file is not recommended as any changes you make will be
# overwritten when the user makes any changes to his/her website

# For global config changes that affect all Users, see this guide:
# http://help.directadmin.com/item.php?id=2
# For local config changes that only affect one User, see this guide:
# http://help.directadmin.com/item.php?id=3

# Frontpage requires these parameters in every httpd.conf file or else
# it won't work.
ServerRoot /etc/httpd



<VirtualHost xxx.xxx.xxx.xxx:80 >


	ServerName www.domain.com
	ServerAlias www.domain.com domain.com 
	ServerAdmin [email protected]
	DocumentRoot /home/domain/domains/domain.com/public_html
	ScriptAlias /cgi-bin/ /home/domain/domains/domain.com/public_html/cgi-bin/

	UseCanonicalName OFF

	SuexecUserGroup domain domain
	CustomLog /var/log/httpd/domains/domain.com.bytes bytes
	CustomLog /var/log/httpd/domains/domain.com.log combined
	ErrorLog /var/log/httpd/domains/domain.com.error.log

	

	<Directory /home/domain/domains/domain.com/public_html>
		Options +Includes -Indexes

		php_admin_flag engine ON
		<IfModule !mod_php6.c>
			php_admin_flag safe_mode OFF
		</IfModule>
		php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f [email protected]'


		php_admin_value open_basedir /home/domain/:/tmp:/var/tmp:/usr/local/lib/php/


	</Directory>



</VirtualHost>




<VirtualHost xxx.xxx.xxx.xxx:443 >

	SSLEngine on
	SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
	SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
	SSLCACertificateFile /usr/local/directadmin/data/users/domain/domains/domain.com.cacert

	ServerName www.domain.com
	ServerAlias www.domain.com domain.com 
	ServerAdmin [email protected]
	DocumentRoot /home/domain/domains/domain.com/private_html
	ScriptAlias /cgi-bin/ /home/domain/domains/domain.com/public_html/cgi-bin/

	UseCanonicalName OFF

	SuexecUserGroup domain domain
	CustomLog /var/log/httpd/domains/domain.com.bytes bytes
	CustomLog /var/log/httpd/domains/domain.com.log combined
	ErrorLog /var/log/httpd/domains/domain.com.error.log

	

	<Directory /home/domain/domains/domain.com/private_html>
		Options +Includes -Indexes

		php_admin_flag engine ON
		<IfModule !mod_php6.c>
			php_admin_flag safe_mode OFF
		</IfModule>
		php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f [email protected]'


		php_admin_value open_basedir /home/domain/:/tmp:/var/tmp:/usr/local/lib/php/


	</Directory>



</VirtualHost>


<VirtualHost xxx.xxx.xxx.xxx:80 >


	ServerName www.my.domain.com
	ServerAlias www.my.domain.com my.domain.com 
	ServerAdmin [email protected]
	DocumentRoot /home/domain/domains/domain.com/public_html/cl
	ScriptAlias /cgi-bin/ /home/domain/domains/domain.com/public_html/cl/cgi-bin/
	
	UseCanonicalName OFF

	SuexecUserGroup domain domain
	CustomLog /var/log/httpd/domains/domain.com.cl.bytes bytes
	CustomLog /var/log/httpd/domains/domain.com.cl.log combined
	ErrorLog /var/log/httpd/domains/domain.com.cl.error.log

	

	<Directory /home/domain/domains/domain.com/public_html/cl>
		Options +Includes -Indexes

		php_admin_flag engine ON
		<IfModule !mod_php6.c>
			php_admin_flag safe_mode OFF
		</IfModule>
		php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f [email protected]'


		php_admin_value open_basedir /home/domain/:/tmp:/var/tmp:/usr/local/lib/php/


	</Directory>


	
</VirtualHost>



<VirtualHost xxx.xxx.xxx.xxx:443 >

	SSLEngine on
	SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
	SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
	SSLCACertificateFile /usr/local/directadmin/data/users/domain/domains/domain.com.cacert	

	ServerName www.my.domain.com
	ServerAlias www.my.domain.com my.domain.com 
	ServerAdmin [email protected]
	DocumentRoot /home/domain/domains/domain.com/private_html/cl
	ScriptAlias /cgi-bin/ /home/domain/domains/domain.com/public_html/cl/cgi-bin/

	UseCanonicalName OFF

	SuexecUserGroup domain domain
	CustomLog /var/log/httpd/domains/domain.com.cl.bytes bytes
	CustomLog /var/log/httpd/domains/domain.com.cl.log combined
	ErrorLog /var/log/httpd/domains/domain.com.cl.error.log

	

	<Directory /home/domain/domains/domain.com/private_html/cl>
		Options +Includes -Indexes

		php_admin_flag engine ON
		<IfModule !mod_php6.c>
			php_admin_flag safe_mode OFF
		</IfModule>
		php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f [email protected]'


		php_admin_value open_basedir /home/domain/:/tmp:/var/tmp:/usr/local/lib/php/


	</Directory>



</VirtualHost>
 
For the main domain and its subdomain you've got:

Code:
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

which is wrong, so the installation was not completed successfully. You might need to re-install the cert and make sure to read every message from directadmin which appears.
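
Added example, not part of the original thread and not DirectAdmin's own tooling: a small Python check that reads a vhost config like the one posted above and reports which SSL virtual hosts still point at the server's shared certificate. The sample config is constructed from the thread, and the per-user `.cert`/`.key` paths in its second block are assumed.

```python
# Server-wide shared certificate path, as seen in the config posted in this thread.
SHARED_CERT = "/etc/httpd/conf/ssl.crt/server.crt"

# Constructed sample, condensed from the thread; the per-user .cert/.key paths
# in the second block are assumed for illustration.
SAMPLE_CONF = """
<VirtualHost xxx.xxx.xxx.xxx:443 >
	SSLEngine on
	SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
	SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
	ServerName www.my.domain.com
	<Directory /home/domain/domains/domain.com/private_html/cl>
		Options +Includes -Indexes
	</Directory>
</VirtualHost>
<VirtualHost xxx.xxx.xxx.xxx:443 >
	SSLEngine on
	SSLCertificateFile /usr/local/directadmin/data/users/domain/domains/domain.com.cert
	SSLCertificateKeyFile /usr/local/directadmin/data/users/domain/domains/domain.com.key
	ServerName www.domain.com
</VirtualHost>
"""


def audit_ssl_vhosts(conf_text, shared_cert=SHARED_CERT):
    """Return (ServerName, cert path, uses_shared_cert) for each SSL vhost."""
    findings, current, depth = [], None, 0
    for raw in conf_text.splitlines():
        line = raw.strip()
        low = line.lower()
        if not line or line.startswith("#"):
            continue
        if low.startswith("<virtualhost"):
            current, depth = {}, 0          # start collecting a new vhost
        elif current is None:
            continue                        # directive outside any vhost
        elif low.startswith("</virtualhost"):
            if current.get("sslengine", "").lower() == "on":
                cert = current.get("sslcertificatefile", "")
                findings.append((current.get("servername", "?"), cert, cert == shared_cert))
            current = None
        elif line.startswith("</"):
            depth -= 1                      # leaving <Directory>, <IfModule>, ...
        elif line.startswith("<"):
            depth += 1                      # entering a nested section
        elif depth == 0:                    # record vhost-level directives only
            name, *rest = line.split(None, 1)
            current.setdefault(name.lower(), rest[0] if rest else "")
    return findings
```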
 
If I recall correctly this could be correct if the domain is under the admin user-level and not under its own user. While I can do these kinds of installs (for my Site Certificate clients) they're always a bit more complex than setting up the user as a separate user with its own IP#.

The big problem is usually the necessity of manually installing the CARoot Certificate.

There are a lot of threads on this topic on these forums.

Jeff
 
Admin as a user has an option to choose:

(+) Use the server's certificate (Use the server's shared signed certificate)
(-) Create your own self signed certificate / Create A Certificate Request
(-) Paste a pre-generated certificate and key

The first is the default one if SSL is enabled for the account.

The last two options make it use its own paths for certificates, e.g.

Code:
	SSLCertificateFile /usr/local/directadmin/data/users/admin/domains/hosting.server.com.cert
	SSLCertificateKeyFile /usr/local/directadmin/data/users/admin/domains/hosting.server.com.key
 
And there's still a problem since most Certificates now require a CARootCert, and the position for that is neither defined nor standardized.

Jeff
 