SSL Grabbing from Another Domain/User
I've been struggling a little installing a Rapid SSL. I thought I had it all completed and nailed down, but when I went to test it out in Chrome, I got an interesting error.
In my VestaCP I have multiple users and each user has multiple domains attached to their account. In looking at the attached image, you can see that the domain I want the SSL on (user1domain.com) is pulling SSL info for another account/domain (user2domain.com). These two users have completely separate accounts in VestaCP. The error thrown is: NET::ERR_CERT_AUTHORITY_INVALID
The steps I took to create the SSL for user1domain.com were:
- In the user1domain.com panel under WEB and the correct domain I checked "SSL Support" and clicked "Generate CSR"
- In the new window, I copied the SSL CSR into my RapidSSL SSL request form.
- When I got my new Certificate and Intermediate CA from Rapid SSL I entered them into the SSL Certificate and SSL Certificate Authority / Intermediate (optional) boxes in VestaCP respectively. I then copied and pasted in the Key that was generated on the Vesta CSR page into the SSL Key box and clicked save.
- I visited https://user1domain.com and got an error for the domain that says "NET::ERR_CERT_AUTHORITY_INVALID" and says the issuer of the SSL is user2domain.com when in reality it shouldn't be.
Re: SSL Grabbing from Another Domain/User
If a domain doesn't have SSL set up, it will take the certificate of the first domain in your apache config. I fixed that by adding a random domain in my account and then manually editing the nginx/apache config to put it in first place.
So if I go to a domain that doesn't have SSL set up, it will take the certificate of that domain.
They should fix it so that it simply doesn't do anything if SSL is not set up, like in cPanel.
---------------------
EDIT: Whoops, looks like you've got a different problem. However, the thing I posted should also be fixed.
Re: SSL Grabbing from Another Domain/User
I suggest this:
Edit your /etc/nginx/conf.d/your-ip.conf as follows, then restart nginx:
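```nginx
# Catch-all for plain HTTP: drop requests for names with no vhost on this IP.
server {
    listen your-ip:80 default_server;
    server_name _;
    access_log /dev/null;
    error_log /dev/null;
    return 444;
}

# Catch-all for HTTPS: names with no SSL vhost get this certificate and a
# closed connection instead of another domain's certificate and site.
server {
    # "ssl on;" is deprecated; enable TLS on the listen directive instead.
    listen your-ip:443 default_server ssl;
    server_name _;
    ssl_certificate /home/admin/conf/web/ssl.your-domain.ru.pem;
    ssl_certificate_key /home/admin/conf/web/ssl.your-domain.ru.key;
    access_log /dev/null;
    error_log /dev/null;
    return 444;
}
```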
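The fallback described in the first reply and the effect of the catch-all block from the second, as an added example that is not part of the original thread: a simplified model of nginx server selection (exact server_name match, then default_server, then the first block defined) run over a constructed config. The IP 192.0.2.10, the tenant certificate path and the function names are assumptions, and the parser only handles flat server blocks with exact names.

```python
import re

# Constructed sample (placeholder IP and paths): user1domain.com has no 443
# block, so its HTTPS traffic lands on whichever server is the default.
TENANTS = """
server { listen 192.0.2.10:443 ssl; server_name user2domain.com;
         ssl_certificate /home/user2/conf/web/ssl.user2domain.com.pem; }
server { listen 192.0.2.10:80; server_name user1domain.com; }
"""
# Catch-all in the style of the reply above (certificate path as on the page).
CATCH_ALL = """
server { listen 192.0.2.10:443 default_server ssl; server_name _;
         ssl_certificate /home/admin/conf/web/ssl.your-domain.ru.pem; return 444; }
"""

def parse_servers(conf):
    """Parse flat server blocks (no nested braces), keeping file order."""
    servers = []
    for body in re.findall(r"server\s*\{([^{}]*)\}", conf):
        srv = {"listen": [], "names": [], "cert": None, "ret": None}
        for stmt in body.split(";"):
            parts = stmt.split()
            if not parts:
                continue
            key, args = parts[0], parts[1:]
            if key == "listen":
                srv["listen"].append(args)
            elif key == "server_name":
                srv["names"] += args
            elif key == "ssl_certificate":
                srv["cert"] = args[0]
            elif key == "return":
                srv["ret"] = args[0]
        servers.append(srv)
    return servers

def served_by(conf, addr, host):
    """Pick as nginx does: exact server_name, else default_server, else first."""
    cands = [(s, l) for s in parse_servers(conf) for l in s["listen"] if l[0] == addr]
    for srv, _ in cands:
        if host in srv["names"]:
            return srv["cert"], srv["ret"]
    for srv, flags in cands:
        if "default_server" in flags or "default" in flags:
            return srv["cert"], srv["ret"]
    return (cands[0][0]["cert"], cands[0][0]["ret"]) if cands else None

if __name__ == "__main__":
    print(served_by(TENANTS + CATCH_ALL, "192.0.2.10:443", "user1domain.com"))
```

The catch-all still presents its own certificate during the TLS handshake, so a browser warning remains for names without SSL; what changes is that no other user's certificate or site answers for them.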