SNI and default web site

Discussion in 'General' started by Votantonio, Feb 16, 2017.

  1. Votantonio

    Votantonio New Member

    i'm a big fans of ISPConfig!!
    Everything works greats and really easy to use.
    I have just one trouble, on my server I have only one IP and I enable SNI over apache.
    My trouble is that on the server there is only one site with https support and the other 2 without it, but if i type https:// and the site that i don't configure with ssl support, I have this site that works with the wrong certificates.

    Can you help me?
  2. sjau

    sjau Local Meanie Moderator

    any reason why you don't have the other two sites enabled with ssl as well?
  3. Votantonio

    Votantonio New Member

    because they are just blog site and don't care of https.
    I need https support for all site if I use SNI?
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    The apache and nginx web servers are working like this:

    if no matching vhost is found on a given port and IP (in your case, port 443), then the web server will show the content of the best matching other site, which is the site that has ssl enabled. There are basically 3 ways to solve your problem:

    a) Use a different IP address for ssl sites and not ssl sites.
    b) Enable SSL on all sites if you have just one IP.
    c) Create a so called default vhost with an empty page inside. The vhost domain must be first in alphabet and the domain must not exist, so e.g. 000default.tld is fine. But you wont get an ssl cert for that except of a self-signed ssl cert, so in any case, your users will get an ssl error when thy access one of the sites without ssl.

    I recommend to use b). SSL certs are available for free now thanks to Letsencrypt and browsers liek google chrome will show all sites without SSL as insecure now, so it's time to switch to SSL :)
  5. Votantonio

    Votantonio New Member

    And with ISPConfig is really simple.
    Thank's a lot

Share This Page