SSL questions. Multiple ip's and private_html

C

chow

Verified User
Joined
Aug 27, 2003
Messages
123
Location
The Netherlands
Hi,

I have been searching for this but only found very old topics. Therefore I'm curious if there are workarounds now. I'm installing DA servers at the moment with Installatron and WHMCS. Yesterday when we wanted to install a SSL certificate we noticed a few issues. Only one SSL per ip is possible and the ip must be owned. For a shared hosting environment this scenario is hardly workable. This means I have to get my customers an ip per domain :confused:

Another problem is that DA wants to use private_html for SSL. This makes my Installatron setup useless as soon as a customer wants to use SSL when he just installed Magento for example.

The last topic regarding these issues I found were from 2010. Might be al lot changed in the meantime. Is it?

**Edit**

Ah, found this..

http://directadmin.com/features.php?id=1100

So one problem solved. Leaving the private_html issue.
 
Last edited:
Thats how ssl works. You always have to have one ip per ssl certificate. This has nothing to do with directadmin.
 
You can enable DirectAdmin to allow multiple Certificates on the same IP#, but that doesn't change how https works. When an IP# is protected by a Certificate, the Certificate must contain the common name of the domain name being sought, or the browser will return an error. It IS possible to buy a Certificate for more than one domain name, or of course a wildcard Certificate which will work on multiple subdomains of a domain, but in both cases the Certificate is more expensive, and in the former case, the Certificate must be reissued every time a domain name is added or removed.

The private_html issue is easy to resolve. You can edit your domain settings from the user level and make private_html a link to public_html.

Jeff
 
chow said:
I just checked and I noticed the SNI option ( enable_ssl_sni=1) is not in directadmin.conf anymore :(
Click to expand...

Some defaults are not presented in directadmin.conf, so you should add them with a value you might need if you want to change it. Anyway, you might want to try to enable SSL SNI in directadmin and re-create httpd configs for your domains. To do that, just disable/enable SSL for a domain, and httpd config will be rewritten.

Never used SNI with apache, but I've tried it with NGINX. And some browsers gave me SSL errors, the other didn't when I tried to browser a site via HTTPS. I had reports from other users who faces the same, SNI was partly working, so I had to disable it and run SSL without SNI.

Anyway you might want to give a try and see how it works in your case.
 
You must log in or register to reply here.
Back
Top