SSL server IP/port conflict

bjp

Hello

I have this error in my logs and I don't know how to fix it.
If I can have some help
Thank you

[Sun May 25 10:38:20 2008] [warn] Init: SSL server IP/port conflict: www.cbadat.com:443 (/usr/local/directadmin/data/users/cbadat/httpd.conf:48) vs. www.licenceprocommunication.com:443 (/usr/local/directadmin/data/users/licencepro/httpd.conf:48)
 
You need a unique IP for each SSL site you have.

SSL uses 443 by default and it does not support virtual domains (because the domain name is encrypted, it relies on the port number).
 
I had this problem, too. You need to turn off SSL for all users that don't have their own IP addresses.
 
You can do that by running this command:
Code:
perl -pi -e 's/ssl=ON/ssl=OFF/' /usr/local/directadmin/data/users/*/domains/*.conf

It will turn SSL off for all domains. Then enable SSL only for domains you need.
 
You need a unique IP for each SSL site you have.

SSL uses 443 by default and it does not support virtual domains (because the domain name is encrypted, it relies on the port number).

are you sure?

I'm having this same problem, but AFAIK virtualhosts are supported on SSL even having same IPs

the connection is established to an IP address and the domain is sent encrypted, so apache can only have one SSL cert for each IP (and will use this IP cert)... but as soon as the connection is established with this cert, apache can decrypt the message, check the domain name and direct the traffic correctly

am I wrong?
 
You cannot run two SSL sites on the same IP unless you patch your apache and/or SSL to do so. There are a few projects out there to do virtual hosts with SSL but I couldn't get any of them to work.
 
You can run as many sites as you want on a single IP#/Port# combination. You can even do it using DirectAdmin; in fact you WILL do it using DirectAdmin if you have multiple sites, all with SSL turned on, with a dedicated IP# for a particular user.

The problem is that because all traffic protected by the Certificate is encrypted Apache will not be able to read the site name in the headers so will have to decrypt it first. It will decrypt it with the Cert for the particular IP#. As Lem0nHead points out, once it's done that, it can and does properly direct the traffic, but by then the error has already been triggered.

No way around it.

Unless you can buy a wildcard cert for all of .com.

Good luck :D .

Jeff
 
You can do what you expect to with virtual hosts.
But there are 2 conditions:
- use the same domain (example: *.cbadat.com)
- use the same certificate

There might be a last condition, which is to access one of the sites first
But I'm not really sure of that

The other way is to base your virtual hosting on IP
But you need several IPs on your machine

Hope this helps
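
To see which SSL virtual hosts share an address before switching SSL off for any of them, the check below groups SSL-enabled `<VirtualHost>` blocks by IP:port across per-user httpd.conf files and reports addresses claimed by more than one server name. It is an added example, not part of the thread or of DirectAdmin; the IP address and file contents are constructed, and it assumes SSL vhosts are marked with `SSLEngine on`.

```python
import re
from collections import defaultdict

# Constructed sample input: two per-user httpd.conf files shaped like the ones
# named in the warning. The IP address (192.0.2.10) is made up for illustration.
SAMPLE = {
    "/usr/local/directadmin/data/users/cbadat/httpd.conf": """
<VirtualHost 192.0.2.10:80>
    ServerName www.cbadat.com
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    SSLEngine on
    ServerName www.cbadat.com
</VirtualHost>
""",
    "/usr/local/directadmin/data/users/licencepro/httpd.conf": """
<VirtualHost 192.0.2.10:443>
    SSLEngine on
    ServerName www.licenceprocommunication.com
</VirtualHost>
""",
}

VHOST = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Return the first value of an Apache directive inside a vhost body."""
    m = re.search(rf"^\s*{name}\s+(\S+)", body, re.M | re.I)
    return m.group(1) if m else None

def ssl_conflicts(configs):
    """Map each ip:port to its SSL vhosts; keep only addresses used by >1 name."""
    by_addr = defaultdict(list)
    for path, text in configs.items():
        for m in VHOST.finditer(text):
            body = m.group(2)
            if (directive(body, "SSLEngine") or "").lower() != "on":
                continue  # plain HTTP vhosts can share an address freely
            line = text.count("\n", 0, m.start()) + 1  # line of the <VirtualHost> tag
            for addr in m.group(1).split():
                by_addr[addr].append((directive(body, "ServerName"), path, line))
    return {a: v for a, v in by_addr.items()
            if len({name for name, _, _ in v}) > 1}

if __name__ == "__main__":
    for addr, hosts in ssl_conflicts(SAMPLE).items():
        print(addr, "is shared by SSL vhosts:")
        for name, path, line in hosts:
            print(f"  {name}  ({path}:{line})")
```

On a real server, fill the dictionary by reading the files under /usr/local/directadmin/data/users/*/httpd.conf instead of using the constructed sample.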
 