SSL / letsencrypt problems certificate applied to other sites.

Discussion in 'General' started by nhybgtvfr, Apr 4, 2017.

  1. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    i'm running a multiserver setup. ispconfig 3.1.2 with letsencrypt

    i have enabled letsencrypt for one site on one webserver. the site's certificate was created by enabling 'Lets encrypt SSL' from the domain page for the site. SSL is also enabled, although nothing is configured under the SSL tab.

    the certificate is created for the domains:
    DNS Name:
    DNS Name:
    DNS Name:
    DNS Name:
    DNS Name:
    DNS Name: is the main domain configured in ispconfig. www is auto-subdomain, the other domains are aliases.

    the site is working fine, https is working ok for this site,
    but google is returning links to other sites on the same server for search results for 'llandre st dogmaels'

    these links load a page from, under their own domain, trying to apply the cardigan-bay certificate to them.
    these sites are configured with ssl enabled, although, again, nothing is configured on the SSL tab.

    what is causing this? should ssl not be enabled on any of these sites? or just not enabled on the cardigan-bay site, only enabling LetsEncrypt?

  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Enabling SSL is not enough to have SSL on a website, SSL requires also an SSL cert. So if you have not created an SSL cert yet nor enabled lets encrypt, then the site has no SSL. If someone accesses now a website which shares the same IP, then he will get the content of the first ssl enabled website that apache finds. that's the normal behaviour of apache and nginx web server.

    You have the following options:

    a) do not use the same IP for ssl and non ssl sites.
    b) enable ssl (which means to create a ssl cert as well or enable LE)
  3. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    damn. of course. :oops: i was looking for some complicated problem. completely forgot about that apache behaviour. :rolleyes:

Share This Page