Kunden Cert für Subdomain - Problem

    Quote from Nuxwin

    @TheCry


    Most of users are using the SNI feature because they don't know that without this feature, they must have one IP per SSL certificate. Usage of SNI is transparent (host header set by the browser).


    I agreed that in a perfect world, one IP per SSL vhost would be better but in shared hosting environment, it's not really viable.


    do you think there is a way to get it work without additional IP address?

    @MuhKuh


    Can you explain me what the problem exactly? I've hard time with German and so, I'm not sure to understand ;)



    Thanks ;)

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    SSH key for online support

    Danke!
    also ich muss SNI in apache manuell einbinden und gibt es dazu eine Vorgehensweise mit IMSCP?
    bzw. ist das in den neueren IMSCP über die config möglich und in v1.1.1 nicht?

    Quote from Nuxwin

    @MuhKuh
    Can you explain me what the problem exactly? I've hard time with German and so, I'm not sure to understand ;)


    He added a SSL cert to a subdomain in i-MSCP v 1.1.1 but instead of the subdomain certificate he gets the admin panel certificate back from apache into the browser. I suspected SNI problem, but he uses a new browser and it works on the domain with another certificate.


    And he also wanted to know if there is a general problem with subdomain SSL certs in v 1.1.1

    @MuhKuh


    So: Same thinking here. Does the SNI support can be disabled on Apache side (or browser side)? He should look at this and also give us more information about its environment (distro/codename - apache version).


    And of course, he must update to latest version because we don't support the old version normally. The SSL feature works pretty well on the latest version (as long the admin know how to add the full CA chain)

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    SSH key for online support

    @fulltilt


    No ! If the SSL vhost is missing for the subdomain, this mean that something is wrong. On certificate error, the SSL vhost is not created.


    Please, enable the debug mode in the imscp.conf file and then, try to re-add the certificate for the subdomain. Once it's done, look at the /var/log/imscp directory and post the content of the subdomain related log file.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    SSH key for online support
    Quote from fulltilt

    Danke!
    also ich muss SNI in apache manuell einbinden und gibt es dazu eine Vorgehensweise mit IMSCP?
    bzw. ist das in den neueren IMSCP über die config möglich und in v1.1.1 nicht?


    Da musst du nichts manuell einbinden. SNI ist bei Apache seit Version 2.2.12 drin. Was benutzt du überhaupt für eine Linux Distribution?
    Geh mal mit deinem Browser auf: https://sni.velox.ch/
    Das sollte dir sagen ob das Problem in deinem Browser ist oder nicht.


    edit: ok, scheint das Problem ist wo ganz anders, wenn da nicht mal ein vhost file ist ;)