ISPConfig serving wrong site over https

Discussion in 'Installation/Configuration' started by ClearWest, Nov 13, 2015.

  1. ClearWest

    ClearWest New Member

    Hi everyone,
    I'm using ISPConfig version on Debian 8.2, setup exactly according to the "perfect debian server" guide here on howtoforge. Server is Apache.

    I'm currently hosting 3 sites, 2 of which have SSL certs. The problem is if I try to access the 3rd with https, it serves up the 1st site I hosted... which is completely wrong. In other words, I have:

    server.hostname.tld -- my server's hostname
    1) first site I created, has own SSL cert
    2) second site I created, has own SSL cert
    3) third site I created, no SSL

    Everything works as expected over http. But over https I get the following results:

    https : // server.hostname.tld -- expect to get: my server's default page // actually get: https : // [first site I created]
    https : // [first site I created] -- works correctly
    https : // [second site I created] -- works correctly
    https : // [third site I created] -- expect to get: [third site I created] // actually get https : // [first site I created]

    What am I doing wrong?
  2. matthias

    matthias New Member Moderator

    You're not doing anything wrong, that is just the way webservers work.

    When a webserver receives a request for a certain domain on a certain IP, it will look through the list of sites configured to run on said IP. If it does not find a site matching the domain requested, it will serve the alphanumerical first site it finds. For SSL sites, the same holds true - that means, if the requested site is not available via SSL, the webserver will serve the first SSL-enabled site it finds or an error, if there are no SSL-enabled sites at all.

    You can work around this by either:
    - giving the third site an SSL certificate as well
    - having two IPs for your server, one which only has non-SSL sites and one which only has SSL sites
    - creating a dummy site with a certificate, possibly self-signed, which will always be the very first in the servers' alphanumerical list of sites, so you at least avoid having content show up under a wrong domain for visitors, in Google etc.
    ClearWest likes this.
  3. ClearWest

    ClearWest New Member

    Ah, thank you! I was pulling my hair out trying to figure this one out... I didn't realize Apache looked at them in alphanumeric order, but now it makes perfect sense. I took your last suggestion and made a dummy site, and prefixed the virtual host name with 000 so it would find it first. Everything works as expected now. Whew. Thank you.
  4. matthias

    matthias New Member Moderator

    No problem, that issue stumped me as well, when I was just starting out with webserver stuff.

Share This Page