- Linux distribution and version used on your server:
  Distributor ID: Debian
  Description: Debian GNU/Linux 7.8 (wheezy)
  Release: 7.8
  Codename: wheezy
- ISPConfig version: 3.0.5.4p8
Scenario:
- SSL certificate is installed correctly under domain1.tld
- second SSL certificate for ispconfig is installed as well
The problem is that when I want to access ispconfig, I get a warning for SSL mismatch: the name is not valid, as it somehow uses the cert from domain1.tld. This domain1.tld cert for the website is working without any warnings. Both SSL certs are set up under the same IP address. Do I need to have an additional IP address for the website, so one SSL per IP?
SSL certificates of websites are used for the website only. ISPConfig is on port 8080 and has its own SSL cert, so the website certs don't apply to the ISPConfig interface.
I do access the website on port 443 and ispconfig on port 8080. Other domains on the server, e.g. domain2.tld, also have the cert from domain1.tld if I check through either a browser, SSL Shopper or SSL Labs; domain2.tld doesn't have the SSL option enabled.
That's the normal behaviour of Apache. When a site does not exist as an SSL site, Apache will use the first vhost on the same IP that it finds. You can avoid that by using a dedicated IP for SSL sites.
Still, this doesn't explain the use of the domain1.tld SSL cert for ispconfig, as they're on different ports and different vhosts, and each of them has its own cert. Do you know what the problem could be?
I explained that already in #2 of this thread. Website vhosts do not matter for ISPConfig access, as ISPConfig runs on port 8080 and has its own vhost. So all domains except the one that you used for the ISPConfig SSL cert must return an error, as the only valid domain to access ISPConfig is the one from the SSL cert that is used for the ISPConfig vhost.
Theory =/= practice. I will troubleshoot this more deeply, as nothing non-standard was configured, only the location of the certs. When I find the problem, I'll post it here.
The solution in the end was to make a vhost file with the server hostname and include the SSL cert there; that way the server hostname was also listening on port 443 and no more mismatch errors were displayed.
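The fallback rule described in the replies and the fix from the last post, modelled as an added example (not code from the thread or from ISPConfig). It simplifies Apache to a single IP and reports which certificate a client would be shown for a given port and hostname; `server1.example.tld` and the vhost table are constructed placeholders.

```python
# Added example: simplified model of Apache name-based vhost selection on one IP.
# All hostnames and the vhost table are constructed placeholders.
from dataclasses import dataclass

@dataclass(frozen=True)
class VHost:
    port: int
    names: tuple       # ServerName plus ServerAlias values
    cert_names: tuple  # names the vhost's certificate is valid for

def select_vhost(vhosts, port, requested):
    """Pick the vhost whose name matches; else the first vhost on that port."""
    candidates = [v for v in vhosts if v.port == port]
    if not candidates:
        return None  # nothing listens on this port
    wanted = requested.lower()
    for v in candidates:
        if wanted in (n.lower() for n in v.names):
            return v
    return candidates[0]  # fallback: first vhost defined for the address

def cert_matches(cert_names, requested):
    """Exact match, or a wildcard covering exactly one leftmost label."""
    wanted = requested.lower()
    for name in (n.lower() for n in cert_names):
        if name == wanted:
            return True
        if name.startswith("*.") and "." in wanted and wanted.split(".", 1)[1] == name[2:]:
            return True
    return False

def served(vhosts, port, requested):
    """Return (certificate names served, whether the browser accepts the name)."""
    v = select_vhost(vhosts, port, requested)
    if v is None:
        return None, False
    return v.cert_names, cert_matches(v.cert_names, requested)

PANEL = "server1.example.tld"  # constructed server hostname
BEFORE = [
    VHost(443, ("domain1.tld", "www.domain1.tld"), ("domain1.tld", "www.domain1.tld")),
    VHost(80, ("domain2.tld",), ()),      # site without SSL enabled
    VHost(8080, (PANEL,), (PANEL,)),      # ISPConfig interface with its own cert
]
# Fix from the last post: an SSL vhost for the server hostname on port 443.
AFTER = BEFORE + [VHost(443, (PANEL,), (PANEL,))]

if __name__ == "__main__":
    for label, table in (("before", BEFORE), ("after", AFTER)):
        for port, host in ((443, "domain2.tld"), (443, PANEL), (8080, PANEL)):
            print(label, port, host, served(table, port, host))
```

In this model the mismatch for the server hostname only appears on port 443, and domain2.tld keeps receiving the domain1.tld certificate on 443 even after the fix, because it still has no SSL vhost of its own.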