HTTPS in sub domain serves content from main domain. Wildcard SSL installed.
Hello everybody,
this is my first question here. Thank you for reading it. It seems the problem has something to do with VirtualHost configuration in httpd.conf, but I am not sure. Below is the issue. We recently bought a wildcard SSL and installed it. The main domain works fine over HTTPS. But the sub domains does not. It seems the HTTPS requests to sub domains are serving content from main domain. If a corresponding url exists in the main domain for the given sub domain url, it is displaying the content of the main domain( for a HTTPS request to a sub domain url).If a url does not exist in the main domain for a given sub domain url, it gives 404 error. The sub domains are working just fine over HTTP. Environment: We are on a Linux VPS. Cpanel 11.30.6 , Apache 2.2.22, PHP 5.3.13 There are a lot of virtual host entry in the httpd.conf for other sites too in it. For the site in question we have two sub domains. We have VirtualHosts set up for each sub domains (so we have three VirtualHost entries like this for the two sub-domains and another VirtualHost entry for main domain) like Code:
NameVirtualHost xx.xx.xxx.xx:80 and then we also have a VirtualHost setup for main domain for port 443 Code:
<VirtualHost xx.xx.xxx.xx:443> Thank you. |
can you provide the sub domains and example requests?
note that you would generally define a vhost as *:80, not <ip.add.re.ss>:80, that *could* become relevant. |
Thanks @acid_kewpie for replying. Yep,we can try the sub domain is wp.my-guardian-angels.com. This sub domain has all pages similar to the main domain except few. So a test on a page/url which is there in both the main domain and the sub domain but has different content confirms the test.
Please try the "plans and pricing" page on both the main domain and the sub domain over HTTP: In main domain the link is : http://my-guardian-angels.com/plans-pricing/ In the sub domain the link is : http://wp.my-guardian-angels.com/plans-pricing/ You will see these pages are different Now if we try the same links over HTTPS: for the main domain : https://my-guardian-angels.com/plans-pricing/ for the sub domain : https://wp.my-guardian-angels.com/plans-pricing/ we can see both the https request are serving the same content for the plans and pricing page over https, and the content is that of the main domains plans and pricing page. |
I mean, can we see the actual httpd config? there really should be no difference apart from the SSL stage.
|
Sure, below is the httpd.conf file
Code:
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # |
there is no 443 virtualhost for that subdomain.
|
Hello Chris,
Thanks for the reply. Yep I see we don't have virtualhost entry for the subdomains for port 443. I have been reading this article and it seems to suggest we need to have virtualhost entries for each subdomain for 443. I have a couple of questions, it would be great if you can help me. 1. I guess we need to specify NameVirtualHost for port 443. I was wondering which one would be correct Code:
NameVirtualHost 70.39.144.72:443 Code:
NameVirtualHost *:443 Code:
SSLCertificateFile /etc/ssl/certs/my-guardian-angels.com.crt Amit |
well I see you've a lot of different sites on IPs... the norm is to use the *:443 format, but that will make all sites available on all IPs. This may or may not matter in the slightest if DNS is never going to send a user to a different IP anyway.
As for the certs, yes as long as the DN of the cert covers it, and you said it was a wilcard, so should be fine. |
Thanks Chris. I will read up a little bit more and will try this out tonight. I will post back the result on this thread.
|
I have been trying to sort this out. But I came up with more questions :( . They are
1. Is my virtual host entry correct Code:
<VirtualHost 70.39.144.72:443> 2. Where do I put the virtual host entry? Do I edit the httpd.conf file and put the virtual host entry there directly or do I put it in some include file. I guess if apache is recompiled again at some point of the httpd.conf will be over written? There are lines in the httpd.conf which says “# DO NOT EDIT. AUTOMATICALLY GENERATED. IF YOU NEED TO MAKE A CHANGE PLEASE USE THE INCLUDE FILES”. If I were to put in some include file, in which file should I add the SSL virtualhost entry? 3. Do I make copies of the SSL my-guardian-angels.com_SSL in /var/cpanel/userdata/myguardi and rename them to next.my-guardian-angels.com_SSL and wp.my-guardian-angels.com_SSL? This post seems to suggest so. I appreciate your effort to answer my questions. Thank you. |
the config looks broadly correct, it being seen to work would be the real giveaway though.
the entry can go after that one. Usually the would be in ssl.conf but it's really not structured to any obligatory format, just convention. Mind you, I have NEVER used a noddy web interface to manage a file, so I can't say what limitatiosn that might impose. is there an include directory to drop a while file into? no, the same cert is fine. |
Thanks Chris for all the help. I will add the permanent entry to ssl.conf. I went through the ssl.conf ,its strange I don't see the
Code:
<VirtualHost 70.39.144.72:443> I think I would like to test out the virtualhost entry first on httpd.conf itself to see if its correct and the SSL is working fine for the sub domains. Broadly here is my battle plan 1. I will edit the httpd.conf and add the virtualhost entry for port 443 for the sub domain. 2. restart apache and test if the apache configuration is fine and the apache restarted correctly. 3. If apache restarted correctly we go ahead and test the sub domains. 4. Once we confirm the SSL is working for the sub domain we move ahead and add the virtualhost entry to the ssl.conf (this would be another battle plan) Do let me know your thoughts. Thank you. |
For your question, well I am using Putty to access the VPS. There is an include directory at /usr/local/apache/conf/includes but it contains files like pre_main_1.conf, pre_virtualhost_2.conf etc
|
Bump :o . It would be really wonderful if somebody looks at what I am trying to do and alert me if I am on my way to screw up things :scratch::newbie:
|
all you're doing is editing a text file, you can't screw that up. just take a backup in case and do it.
|
All times are GMT -5. The time now is 06:24 AM. |