All HTTPS and subdomains are matching the default

Forums: 

Hello, I keep looking for some answers here, i found a lot of things but to no good use. All the HTTPS websites are loading in fact the default website. It's wrong because I reviewed all and "SSL website enabled?" is not checked for any of them. Also any subdomain mail.xxxxxx.ro seems to be working :o on HTTP and HTTPS and loads the default domain.

And everything is indexed in Google including Webmin and Usermin authentication page...

What files do you need posted? It seems it's a recent problem for me, after a few upgrades and resets an restores and others; BTW I'm having the same Apache and Bind config for years and no problems.

EDIT: mkey... disabled SSL for the main site, now web server is still loading an empty page for the others. Checked the Apache virtual servers - so I got these two virtual servers trying to serve files from /var/www/html:

Virtual Server  Any     8443    Automatic   /var/www/html   Open..
Virtual Server  Any     443     Automatic   /var/www/html   Open..

Your server is giving Internal Server errors from yesterday it's a nightmare to post :)

It will be a SEO disastre, how do I redirect the SSL from Virtualmin to the normal HTTP coresponding website. All of them I mean?

Can you give us some example URLs?

You may be seeing a side-effect of the way SSL sites work. If you have only a single IP, you can typically only have a single SSL website. But if you have multiple non-SSL sites and try to access one of those non-SSL sites using an https URL, you will get the page for the site with SSL..

''

Thanks, I know (1IP per server BTW) but the problem is that SSL is disabled in Virtualmin for all the websites, including the default one. It just loads a blank page from /var/www/html.

As for the mail.i-ware.ro it's the same with i-ware.ro but problem is all the other subdomains like mail.xxxxx.ro from that server loads in fact i-ware.ro...

I'm pretty confused - am I missing something related to the module settings?

Don't take the name of root in vain...

Ok .. so what do you want to happen when users access your different websites in SSL mode?

''

Can i redirect easily and with no consequences to Webmin/Virtualmin/Usermin all of the https websites to their corresponding http website?

Don't take the name of root in vain...

No .. there's no way to do this. Even if you somehow setup your default site to do the redirect, users would get SSL certificate errors as it would only be able to serve an SSL cert for your default domain.

If you don't have SSL enabled, why are users linking to the https: URLs in the first place?

''

Hi, I am encountering the same issues after setting up a new SSL site on a server hosting other non SSL sites...

IN answer to your (rather old) question above "If you don't have SSL enabled, why are users linking to the https: URLs in the first place?"

The issues is that a user MAY randomly just try to type in httpS: instead of http:, and then end up at the wrong website (i.e. it rewrites/redirects to the single SSL site) when that is not the intended site. The more logical result would be that for a non SSL site, the site would just redirect/rewrite to http.

Is this possible? Any links to steps on how to set this up for all other non SSL sites? Thanks.

Thanks, so I'll leave it as it is. It's not about the users, but about the search engines as stated before. Now is there something I can do about the mail.xxxxx.ro stuff?

Don't take the name of root in vain...

Search engines wouldn't crawl the SSL site unless there are links to it somewhere though, right?

As for the mail.domain.com issue, that is really the same problem .. every domain you create in Virtualmin has several DNS records like www, ftp, mail and so on. These all resolve to the domain's IP. However, only www.domain.com and domain.com have a website associated with them.

''

I made most of the websites and I didn't insert any links anywhere... Ok, so our only chance to remove duplicate content in search engines is not to directly edit Apache directives or BIND records somehow. Seems that robots.txt is the only chance. I will try this, with a second file for https:

  1. mod_rewrite enabled.
  2. Create a second robots.txt, called robots_ssl.txt
  3. Dissalow all robots in this new robots file:

User-agent: *

Disallow: /

  1. Upload that new robots file to the root of the domain.
  2. Add the following to the .htaccess file:

RewriteEngine on

Options +FollowSymlinks

RewriteCond %{SERVER_PORT} ^443$

RewriteRule ^robots.txt$ robots_ssl.txt

I assume it is correct? Now how will I stop the bots to not index also the Webmin and Usermin authentication pages on their corresponding ports? The same recipe?

Don't take the name of root in vain...

The next Webmin / Usermin releases will include a robots.txt file, to block indexing by search engines..

''

Thanks God I found this thread. I am seeing exactly the same issue. That is I enabled SSL for a single website, and the https of all the other Virtualmin sites now show this site, even though ssl is disabled for the other sites. I guess I will need another IP address to solve this problem.

Virtualmin Version 4.18.gpl Webmin Version 1.770

The issue persists in the most recent release at this time. Enabling SSL for the default site will in turn redirect all HTTPS requests to the default site's SSL server unless an SSL server has been set up for that site, certificate included.

Example: A site, http://www.thevgc.net/ which contains no SSL certificate, when navigated to using the HTTPS protocol via https://www.thevgc.net/ will display the default site's domain instead, currently https://www.wordwebdesign.com/

The Problem: Site indexing. Google loves to index secure version of the site first, which is causing it to index pages from the default site instead of my actual site! I also can't find any links to my site because the SSL site is being indexed first: the SSL site that doesn't exist.

This is expected due to the way Apache does virtualhost matching. But surely any access to the https:// site on the wrong domain would cause an SSL certificate error though?

''

Found the solution long time ago, but didn't post it, because... this thread is ancient :) To get rid of all the problems, just enable the SSL Website feature for ALL the domains. And the nice Virtualmin will generate you a certificate for each domain, if you don't have one.

You will have a nice setup, each domain with it's own certificate, SSL everywhere, and not the "catch all" behavior. And this will work for your subdomains too on any domains because the certs are wildcard certs. Just try it.

Don't take the name of root in vain...

While this does work, it also generates a security warning in modern browsers because the certificate isn't from a root authority.

Still, it's better than the alternative. Shame Virtualmin doesn't seem to support SNI.

Eh, of course it does. We hope that this will become a thingy of the past with the https://letsencrypt.org/ initiative. Virtualmin will surely support this, I recall Jamie or Joe talking about it...

Don't take the name of root in vain...

Yes, in fact I am working on it right now.

''

I hope that LetsEncrypt will bring some light on this subject because until now to have Virtualmin and SSL in the same sentence usually only means problem, and a lot of them. To be forced to use/generate SSL for all domains just because one of them need https is pure nonsense. Not even with LetsEncrypt we have a decent solution but just a weak attempt to patch the main problem.

At one point Virtualmin should stop with new features what to be honest we didnt see any for a long time and start cleaning the code and mistakes from the past.

And once again Diabolico diabolically tries to stop the development of Virtualmin, with a dying wish for GPL, :) and to pay by himself huge piles of money for a what he needs, or at least thinks it does, and gloriously trample on the bodies of the other subhuman users, whom think different :D

Virtualmin, GPL or PRO, is not broken - stop saying otherwise.

Yours truly, FakeMoth.

Don't take the name of root in vain...

Fakemoth someone could think you are stalking me. I didnt say that Vmin is broken but is true that the code desperately need some cleaning and (minor) bug fixes. This is not the first time you start with personal attacks because you didnt like what i said or you dont agree with my opinion. I think you should work out on your maturity because in real world not everyone needs to share your opinions.

-you are posting in my 5 years old thread, solved for me, in which I posted back to help others and I am stalking?

-we might have different ideas about this phrase "At one point Virtualmin should stop with new features what to be honest we didnt see any for a long time and start cleaning the code and mistakes from the past."

-"Virtualmin and SSL in the same sentence usually only means problem, and a lot of them" sounds just about the same; also doesn't apply to me because the universe is quite diverse, and no one has to share random opinions...

Unless you are contributing with a TECHNICAL idea, not with off topics, hijacking threads with larger than life opinions, I will answer... pretty much the same.

Case closed from my part.

Don't take the name of root in vain...