Subdomain SSL Certificates

SOTHDEV
We have a server hosted with cacloud.com. We have been attempting to set up subdomains for clients to use to log in to one of our web applications. We have created the sub domains on cPanel, and installed the SSL certificate onto the server.

Past employees had properly set up the subdomains previously, but they have since left the company, and we have been unable to properly configure additional subdomains. When we created a new subdomain, and added in the correct redirect, it gives us a blank page with this message when trying to view that subdomain in a web browser:

Sorry, that account does not exist


For example, bayshoreoptometry.visualbook.ca is working as intended, while orangeville.visualbook.ca is not.

As far as we can tell, both subdomains have been created the same way on cPanel. The only thing we know is that a senior member had to do something involving the SSL certificates for each subdomain.

Any information you can give us would be great, we are not very experienced in this area.
Distinguished Expert 2017

Commented:
You need to be more detailed on your issue.
You can only have one dedicated secure site per IP/port combination.
You could use/have multiple secure sites using host headers to differentiate among them, but that would require that you have a single certificate with SAN (Subject Alternate Names), meaning every single subdomain that you want to be secured will have to be referenced/included in the certificate.

If you have multiple IPs, you have to make sure that each subdomain with a certificate is bound to the correct IP
ip1:443 site1
IP2:443 site2

If you only have a single IP, Apache will differentiate between them when the connection is http:// (unsecure), but will not work without the above on the secure site.

Author

Commented:
Sorry if we didn't give enough detail, we gave as much as we know as there was a large knowledge gap between us and the employee that previously worked on this.

I believe we have a wildcard certificate; in the ssl.db file I see *.visualbook.ca, and I remember the previous employees discussing the difficulty of getting the wildcard certificate to work. We have all the subdomains on the same IP, and in the httpd.conf file they're all on the same IP:port.

We have about 4 sub domains that are already all working on the same IP:port, but any new ones we try to set up are not.
Distinguished Expert 2017
Commented:
It is rare.

your virtual host for SSL

The sites are distinguished through the use of the ServerName and ServerAlias directives.

There are two configuration files.
httpd.conf usually only has the unsecured site access;
often at the bottom it has an include file pointing to conf.d/*.conf

Within that location there is the ssl.conf file that contains the secured sites.
You likely did not add orangeville.visualbook.ca as another virtual host here.

NameVirtualHost IP:443

<VirtualHost *:443>
    ServerName orangeville.visualbook.ca
    DocumentRoot ....
    # certificate reference
</VirtualHost>

Note your issue is not with a certificate, as it validates; the error is that it matches the "default" secure site, meaning you do not have a secure site entry for this site.

Look at the ssl.conf file and simply copy the last <VirtualHost ..> </VirtualHost> group and modify the newly copied data to include the new domain.

That is all that you need to do to make it work.

Presumably, the site content is already in place .....
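
Added example, not part of the thread or any poster's configuration: a small Python check that parses the `<VirtualHost>` blocks of a config and reports which block a given hostname would land on, showing the "falls through to the default secure site" behaviour described in the answer above. The sample config and its DocumentRoot paths are constructed, and the selection logic is a simplification of Apache's name-based matching (first ServerName/ServerAlias match wins, otherwise the first vhost on the port).

```python
import fnmatch
import re

# Constructed sample config; hostnames are from the thread, paths are made up.
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName visualbook.ca
    ServerAlias www.visualbook.ca
    DocumentRoot /var/www/example-default
</VirtualHost>
<VirtualHost *:443>
    ServerName bayshoreoptometry.visualbook.ca
    DocumentRoot /var/www/example-bayshore
</VirtualHost>
"""

def parse_vhosts(conf_text):
    """Return [(address, [names])] for each <VirtualHost> block, in file order."""
    vhosts, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>\s]+)", line, re.I)
        if opened:
            current = (opened.group(1), [])
        elif line.lower().startswith("</virtualhost"):
            if current is not None:
                vhosts.append(current)
            current = None
        elif current is not None:
            parts = line.split()
            if parts[0].lower() in ("servername", "serveralias"):
                current[1].extend(p.lower() for p in parts[1:])
    return vhosts

def select_vhost(vhosts, host, port=443):
    """Simplified name-based selection: first name match wins (ServerAlias may
    use * and ? wildcards), otherwise the first vhost on the port is the default."""
    on_port = [v for v in vhosts if v[0].endswith(":%d" % port)]
    for vhost in on_port:
        if any(fnmatch.fnmatchcase(host.lower(), name) for name in vhost[1]):
            return vhost, True
    return (on_port[0] if on_port else None), False

if __name__ == "__main__":
    for h in ("bayshoreoptometry.visualbook.ca", "orangeville.visualbook.ca"):
        vhost, matched = select_vhost(parse_vhosts(SAMPLE_CONF), h)
        print(h, "->", vhost[1][0], "(explicit)" if matched else "(default)")
```

On a live server, `apachectl -S` prints the virtual host table Apache actually parsed, which is the authoritative version of this check.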

Author

Commented:
We looked at the bottom of the httpd.conf file, there were 2 includes, a few other includes throughout as well, but all the files that were included were empty files.

We couldn't find an ssl.conf file anywhere on our server either, nor a conf.d directory.

Our httpd.conf file had previously had the <VirtualHost> entries for the new subdomains we set up, but I re-copied them from a working sub domain and changed the info again just to make sure, and the situation didn't change.
Distinguished Expert 2017

Commented:
Where is the httpd.conf file?
/etc/httpd/conf/httpd.conf
/etc/apache2/conf/httpd.conf?


/etc/<match your setup>/conf.d/

What you are looking for is a virtual host entry where it has NameVirtualHost IP Listen 443.

Look at the cPanel setup for the site that works and look at its subsections, if any; look at whether there are two sections, secure web sites, unsecure web sites, etc.


The data might be in a mysql DB......

Navigate through cPanel and compare the domain references of the one that is working as a basis for the new one you wish to use.

Author

Commented:
Our httpd.conf file is
/etc/httpd/conf/httpd.conf
however there is no conf.d/ directory in /etc/httpd/ or /etc/httpd/conf/

We went through all the sub sections in cpanel. There's nothing for secure/unsecure websites, just Security and SSL/TLS. In the SSL/TLS section, the new subdomain is listed, exactly same as the working ones.

We also went through the mySQL databases and couldn't find anything regarding the subdomains, or accounts, etc.
Distinguished Expert 2017

Commented:
The error you get when visiting deals with user not authorized. There is something missing in your Apache configuration. It could be that you exceeded the number of subdomains that can be hosted. From this vantage point I cannot say which is the correct answer.

However, you do not get any errors related to the certificate. This is purely a configuration of whether Apache will answer your request for the domain you specify.

Author

Commented:
Thanks for your help Arnold. We found the issue after looking at the places you suggested. It was a database entry configuration issue.
