Vesta Control Panel - Forum

Community Forum
https://forum.vestacp.com/

SSL Grabbing from Another Domain/User

https://forum.vestacp.com/viewtopic.php?f=11&t=9091

Page 1 of 1

SSL Grabbing from Another Domain/User

Posted: Tue Aug 18, 2015 4:17 pm
by Gordon55M
I've been struggling a little installing a Rapid SSL. I thought I had it all completed and nailed down, but when I went to test it out in Chrome, I got an interesting error.

In my VestaCP I have multiple users and each user has multiple domains attached to their account. In looking at the attached image, you can see that the domain I want the SSL on (user1domain.com) is pulling SSL info for another account/domain (user2domain.com). These two users have complete separate accounts in VestaCP. The error thrown is: NET::ERR_CERT_AUTHORITY_INVALID

Image

The steps I took to create the SSL for user1domain.com was:
  1. In the user1domain.com panel under WEB and the correct domain I checked "SSL Support" and clicked "Generate CSR"
  • In the new window, I copied the SSL CSR into my RapidSSL SSL request form.
  • When I got my new Certificate and Intermediate CA from Rapid SSL I entered them into the SSL Certificate and SSL Certificate Authority / Intermediate (optional) boxes in VestaCP respectively. I then copied and pasted in the Key that was generated on the Vesta CSR page into the SSL Key box and clicked save.
  • I visited https://user1domain.com and got an error for the domain that says "NET::ERR_CERT_AUTHORITY_INVALID" and says the issuer of the SSL is user2domain.com when in reality it shouldn't be
Any thoughts? I tried Rebuild Web in Vesta and that didn't do it.

Re: SSL Grabbing from Another Domain/User

Posted: Tue Aug 18, 2015 5:30 pm
by abad
If domain doesn't have SSL setup, it will take certificate of the first domain in your apache config. I fixed that with adding random domain in my account and then manually editing nginx/apache config to put it at the first place.

So if I got to a domain that doesn't have SSL setup, it will take certificate of that domain.


They should fix it, that it would simply not do anything, if SSL is not setup. Like in cPanel.



---------------------
EDIT: Woops, looks like you got a different problem. However, the thing I posted should also be fixed.

Re: SSL Grabbing from Another Domain/User

Posted: Tue May 10, 2016 1:45 pm
by skurudo
I suggest this:

Edit your /etc/nginx/conf.d/your-ip.conf

Code: Select all

server {
    listen       your-ip:80 default;
    server_name  _;
        access_log /dev/null;
        error_log /dev/null;
        return 444;
}

server {
    listen      your-ip:443;
    server_name _;
    ssl         on;
    ssl_certificate      /home/admin/conf/web/ssl.your-domain.ru.pem;
    ssl_certificate_key  /home/admin/conf/web/ssl.your-domain.ru.key;
        access_log /dev/null;
        error_log /dev/null;
  return 444;
}
Than restart nginx.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/