Hello, I have an ispconfig 3.1.6 installation and i am hosting multiple sites. Some have an SSL cert others dont. The interesting thing is that when i try to access a website with https:// that does not have an SSL cert i get the content of a site that has an ssl cert. So when trying https://domain1.com i get the same domain just with the red error that its not secure and i get the content of https://domain2.com. If i access the domain1 on http:// then the page loads normaly. Any ideas what is going on? Best regards, Trix
That's the normal behavior of the Apache and Nginx web servers. When there is no vhost for a given domain on a specific port, then the server will show the content of the first vhost that exists for that port and IP combination. You have two options to avoid that: a) Enable SSL for all sites. b) Use a different IP address for SSL sites. so that SSL sites and non-SSL sites don't share the same IP.
Hi Till, I assume that by "Enable SSL for all sites" you ment that everyone will need either an SSL cert or the letsencrypt version? Or there is a method to enable SSl for all sites without a cert so the specific site will get loaded but with an error that is not safe ? Thanks, Trix
You access a webserver through IP first and through domain name secondly. So you can reach the server via IP and it matches no website, and then the first alphabetic website is shown.
Yes, ssl requires a cert, which can be either obtained from LE or by another SSL authority (and then inserted on the ssl tab when not LE). Maybe as a sidenote, latest browsers will show warnings when you submit form data on a non ssl site and Google will rank down non ssl sites as well, so there are good reasons to set all sites to SSL these days, besides the security benefit that SSL provides.
