Wrong SSL website showing up in browser and wrong SSL certificate presented to user

  1. SSL website bug.

Steps to reproduce.

  1. Create virtual server. g____.com
  2. Create 2 sub servers under that virtual server. In this case, both happen to be on subdomains. shop.g____.com and pm.g_____.com
  3. Enable SSL website in all 3 virtual server options / domains.
  4. Disable SSL website on top level virtual server in the list.
  5. In browser, go to https top level virtual server website.
    It redirects to subserver https site!! Should not do that. Should give a 404 or some error - ssl site not found.
  6. Disable SSL website on subservers. In browser, go to https subserver. It spills over into the next (unrelated account!) top-level virtual server's subservers!! In other words, the wrong SSL website shows in the browser.

Seems like the user interface settings trigger Virtualmin code, which generates the Apache settings, which have, as a side effect, spillover logic for the SSL virtual servers which doesn't match the user interface settings, which are a simple on/off checkbox. Probably related to the default SSL host in some way, and/or the pattern matching rules that Apache uses to select the SSL virtual host to serve up to the browser.

Additional issue - Apache FAILS to START !! when SSL is enabled on top level virtual server AND SSL disabled on the subservers. Under the steps to reproduce from above. The workaround - so that Apache will at least start - is to disable SSL on the top level virtual server.

Status: Active

Comments

I don't know if this is the same bug I have. But it sounds similar.

If I have a virtual server sitenumber1.com and install a purchased SSL cert on there it works great.

Then on my second virtual server websitetwo.org I install another purchased SSL cert for that domain. It appears to work, but the problem then lies when navigating back to sitenumber1.com where a warning shows in the browser saying that the site cert is for websitetwo.org

So all Virtual Servers seem to just use the last installed Cert regardless of what Virtual Server or domain it was installed in...

Any help to fix this problem would be great thanks.

Just to update, I fixed this by copying the old vhost file backups of the broken virtual servers. So enabling a new Vserver to have SSL must break the other vServers' vhost files somehow. I didn't get a chance to compare files as I just needed to try to fix it, but if I install another SSL sometime I'll post my findings. Thanks.

Hi just an update if anyone can please help. I've figured out what changes in the vhost and messes up my SSL certs each time I save or change a Virtual Server.

When I say enable a feature, or turn email on or off for a Virtual server and then press save, it updates the vhost file from:

to:

Or whatever my IP address is locally. This then makes all my sites show the wrong SSL cert and I have to go into the updated Virtual Server's vhost file and remove 192.x.x.x etc and replace it back with an asterisk. Then everything seems to work ok again.

Does anyone know what is causing this in Virtualmin and what I should adjust please?

Thanks for any help. :)

It sounds like you could be seeing a configuration issue there. One thing to verify is to make sure all other VirtualHost sections on port 443 are using the desired format.

You probably would want to start with a new thread though, so we can best provide assistance. If you'd like to try the free community help, you're welcome to post a thread in the Forums (which we monitor, as well as lots of wonderful folks in the community!) Or, if you'd like to use one of your support incidents, you could start by posting a new thread here in the Support Tracker.

Whichever you go with, let us know what distro/version it is that you're using.

I have had very similar issues where a new certificate added to a virtual server seems to apply to all virtual servers, breaking the trust on their SSL connections. The temporary solution that I have found to this issue is editing the virtual server and disabling "SSL website enabled?" (save) and then re-enabling it again for each virtual server. It's tedious but it works.
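
Added example, not part of the thread and not Virtualmin's own code: a small checker for the `*:443` versus `IP:443` mix described in the comments above. It follows Apache's documented selection order (most specific address first, then ServerName/ServerAlias, otherwise the first listed vhost). The config, the address 192.0.2.10 and the certificate paths are constructed, and wildcard aliases are not handled.

```python
import re

# Constructed sample: the second vhost was rewritten from *:443 to the local IP.
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName sitenumber1.com
    ServerAlias www.sitenumber1.com
    SSLCertificateFile /etc/ssl/example/sitenumber1.crt
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName websitetwo.org
    SSLCertificateFile /etc/ssl/example/websitetwo.crt
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
WILDCARDS = ("*", "_default_")

def parse_vhosts(conf, port="443"):
    """Return [(address, names, cert_path)] for vhosts on the port, in file order."""
    vhosts = []
    for addrs, body in VHOST_RE.findall(conf):
        names = []
        for m in re.finditer(r"^\s*Server(?:Name|Alias)\s+(.+)$", body, re.M | re.I):
            names += m.group(1).lower().split()
        cert = re.search(r"^\s*SSLCertificateFile\s+(\S+)", body, re.M | re.I)
        for addr in addrs.split():
            host, _, p = addr.rpartition(":")
            if p == port:
                vhosts.append((host, names, cert.group(1) if cert else None))
    return vhosts

def mixed_address_forms(vhosts):
    """True when wildcard and explicit-IP vhosts share the same port."""
    forms = {"wildcard" if h in WILDCARDS else "ip" for h, _, _ in vhosts}
    return len(forms) > 1

def select_vhost(vhosts, local_ip, requested_name):
    """Model Apache's choice: exact-IP set beats wildcard set, then name, else first."""
    exact = [v for v in vhosts if v[0] == local_ip]
    candidates = exact or [v for v in vhosts if v[0] in WILDCARDS]
    for v in candidates:
        if requested_name.lower() in v[1]:
            return v
    return candidates[0] if candidates else None
```

With the sample above, `select_vhost(parse_vhosts(SAMPLE_CONF), "192.0.2.10", "sitenumber1.com")` returns the websitetwo.org entry: the IP-specific vhost wins before names are compared, so the `*:443` vhost is never considered for that address.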