WEBINAR: Join WatchGuard CTO and our Threat Research Team on Aug. 2nd to hear the findings from our Q1 Internet Security Report! Learn more about the top threats detected in the first quarter and how you can defend your business against them!
Subdomain SSL Certificates
We have a server hosted with cacloud.com. We have been attempting to set up subdomains for clients to use to log in to one of our web applications. We have created the sub domains on cPanel, and installed the SSL certificate onto the server.
Past employees had properly set up the subdomains previously, but they have since left the company, and we have been unable to properly configure additional subdomains. When we created a new subdomain, and added in the correct redirect, it gives us a blank page with this message when trying to view that subdomain in a web browser:
Sorry, that account does not exist
For example,
bayshoreoptometry.visualbo
is working as intended, while
orangeville.visualbook.ca
is not.
As far as we can tell, both subdomains have been created the same way on cPanel. The only thing we know, is that a senior member had to do something involving the SSL certificates for each subdomain.
Any information you can give us would be great, we are not very experienced in this area.
Past employees had properly set up the subdomains previously, but they have since left the company, and we have been unable to properly configure additional subdomains. When we created a new subdomain, and added in the correct redirect, it gives us a blank page with this message when trying to view that subdomain in a web browser:
Sorry, that account does not exist
For example,
bayshoreoptometry.visualbo
is working as intended, while
orangeville.visualbook.ca
is not.
As far as we can tell, both subdomains have been created the same way on cPanel. The only thing we know, is that a senior member had to do something involving the SSL certificates for each subdomain.
Any information you can give us would be great, we are not very experienced in this area.
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Sorry if we didn't give enough detail, we gave as much as we know as there was a large knowledge gap between us and the employee that previously worked on this.
I believe we have a wildcard certificate, in the ssl.db file i see *.visualbook.ca, and I remember the previous employees discussing the difficulty of getting the wildcard certificate to work. We have all the sub domains on the same IP, and in the httpd.conf file they're all on the same IP:port.
We have about 4 sub domains that are already all working on the same IP:port, but any new ones we try to set up are not.
I believe we have a wildcard certificate, in the ssl.db file i see *.visualbook.ca, and I remember the previous employees discussing the difficulty of getting the wildcard certificate to work. We have all the sub domains on the same IP, and in the httpd.conf file they're all on the same IP:port.
We have about 4 sub domains that are already all working on the same IP:port, but any new ones we try to set up are not.
It is rare.
your virtual host for SSL
The sites are distinguish through the use of the ServerName and ServerAlias directive
There are two configuration files.
httpd.conf usually only has the unsecured site accesss
often at the bottom in has an include file pointing to conf.d/*.conf
within that location there is the ssl.conf file that contains the Secured sites.
You likely did not add orangeville.visualbook.ca as another virtual host here
NameVirtualIP IP:443
<VirtualHost *:443>
ServerName orangeville.visualbook.ca
DocumentRoot ....
certificate reference.
</VirtualHost>
Note you're issue is not with a certificate as it validates, the error is that it matches the "default" secure site meaning you do not have a secure site entry for this site.
look at the ssl.conf file and simply copy the last <VirtualHost ..> </VirtualHost> Group and modify the newly copied data to include the new domain.
That is all that you need to do to make it work.
Presumably, the site content is already in place .....
your virtual host for SSL
The sites are distinguish through the use of the ServerName and ServerAlias directive
There are two configuration files.
httpd.conf usually only has the unsecured site accesss
often at the bottom in has an include file pointing to conf.d/*.conf
within that location there is the ssl.conf file that contains the Secured sites.
You likely did not add orangeville.visualbook.ca as another virtual host here
NameVirtualIP IP:443
<VirtualHost *:443>
ServerName orangeville.visualbook.ca
DocumentRoot ....
certificate reference.
</VirtualHost>
Note you're issue is not with a certificate as it validates, the error is that it matches the "default" secure site meaning you do not have a secure site entry for this site.
look at the ssl.conf file and simply copy the last <VirtualHost ..> </VirtualHost> Group and modify the newly copied data to include the new domain.
That is all that you need to do to make it work.
Presumably, the site content is already in place .....
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
We looked at the bottom of the httpd.conf file, there were 2 includes, a few other includes throughout as well, but all the files that were included were empty files.
We couldn't find an ssl.conf file anywhere on our server either, nor a conf.d directory.
Our httpd.conf file had previously had the <VirtualHost> entries for the new subdomains we set up, but I re-copied them from a working sub domain and changed the info again just to make sure, and the situation didn't change.
We couldn't find an ssl.conf file anywhere on our server either, nor a conf.d directory.
Our httpd.conf file had previously had the <VirtualHost> entries for the new subdomains we set up, but I re-copied them from a working sub domain and changed the info again just to make sure, and the situation didn't change.
where is the httpd.conf file
/etc/httpd/conf/httpd.conf
/etc/apache2/conf/httpd.co
/etc/<match your setup>/conf.d/
What you are looking for is a virtual host entry where it has NameVirtualHost IP Listen 443.
Look at the cpanel setup for the site that works and look at it sub sections if any, look at whether there are two sections, secure web sites, unsecure web sites. etc.
The data might be in a mysql DB......
Navigate through CPANEL and compare the domain references that is working as a basis for the new one you wish to use.
/etc/httpd/conf/httpd.conf
/etc/apache2/conf/httpd.co
/etc/<match your setup>/conf.d/
What you are looking for is a virtual host entry where it has NameVirtualHost IP Listen 443.
Look at the cpanel setup for the site that works and look at it sub sections if any, look at whether there are two sections, secure web sites, unsecure web sites. etc.
The data might be in a mysql DB......
Navigate through CPANEL and compare the domain references that is working as a basis for the new one you wish to use.
Our httpd.conf file is
/etc/httpd/conf/httpd.conf
however there is no conf.d/ directory in /etc/httpd/ or /etc/httpd/conf/
We went through all the sub sections in cpanel. There's nothing for secure/unsecure websites, just Security and SSL/TLS. In the SSL/TLS section, the new subdomain is listed, exactly same as the working ones.
We also went through the mySQL databases and couldn't find anything regarding the subdomains, or accounts, etc.
/etc/httpd/conf/httpd.conf
however there is no conf.d/ directory in /etc/httpd/ or /etc/httpd/conf/
We went through all the sub sections in cpanel. There's nothing for secure/unsecure websites, just Security and SSL/TLS. In the SSL/TLS section, the new subdomain is listed, exactly same as the working ones.
We also went through the mySQL databases and couldn't find anything regarding the subdomains, or accounts, etc.
The error you get when visiting deals with user not authorized. There is something missing in your apache configuration. it could be that you exceeded the number of subdomains that can be hosted. From this vantage point I can not say which is the correct answer.
However, you do not get any errors related to the certificate. This is purely a configuration of whether apache will answer your request for the domain you specify.
However, you do not get any errors related to the certificate. This is purely a configuration of whether apache will answer your request for the domain you specify.
Thanks for your help Arnold. We found the issue after looking at the places you suggested. It was a database entry configuration issue.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSL / HTTPS
From novice to tech pro — start learning today.
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - Word 2016 Part … 174 lessons
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - Excel 2007 Basic 239 lessons
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with premium.
Start your 7-day free trial.
You can only have one dedicated secure site per IP/port combination.
You could use/have multiple secure sites using host headers to differentiate among them but that would require that you have a single certificate with SAN Subject Alternate Names meaning every single subdomain that you want to be secured will have to be referenced/included in the certficate.
If you have multiple IPs, you have to make sure that each subdomain with a certificate is bound to the correct IP
ip1:443 site1
IP2:443 site2
If you only have a single IP, apache will differetiate between them when the connection is http:// unsecure but will not work without the above on the secure site.