SSL Certificate showing on all sites.

February 12, 2015 1.1k views

I installed a couple of self-signed SSL certificates following a tutorial on DO. They are working fine but there are other sites on the same droplet that do not have SSL certificates assigned to them. If you visit one of these site via https:// you get the browser warning and when you click on technical details it says the certificate is issued for one of the sites I set up an SSL cert for. How can I set it up so that the default is no SSL for sites that don't have a cert? What have I set up incorrectly that the first cert installed on the server is showing for all domains on the server?

The droplet is Ubuntu 12.04


6 Answers

Do you have a default *:443 virtualhost configured?

probably the fastest easiest solution is to enable mod_rewrite for your sites,

and then add this to the .htaccess for each site:

#force http 
RewriteEngine On 
RewriteCond %{SERVER_PORT} 443
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

if someone types in https for your site, that should redirect them to http

by Etel Sverdlov
This tutorial goes over Mod_Rewrite, an apache module that allows you to manipulate URLS to provide shorter or more relevant ones. This tutorial will go over Activating Mod_Rewrite, Creating and Using the required .htaccess page, and setting up the URL rewrites.

I did have mod_rewrite enabled as I have a bunch of Wordpress sites on this server. But when I added the rule above it didn't change anything. I checked to make sure that the site in question had

<Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride all
        Order allow,deny
        allow from all

in the VH and it does. Also checked to make sure that AllOverride All was in the default-ssl, and it was. But the rewrite rule is not redirecting to http. What could I be missing?

Thanks for the suggestions.

I wonder if you put something in the .htaccess of the SSL site that will redirect https for the other domains.

This is the only thing in the .htaccess of the site that is showing up as the SSL cert on every other site on the server:

BEGIN WordPress

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUESTFILENAME} !-f
RewriteCond %{REQUEST
RewriteRule . /index.php [L]

END WordPress

I'm completely stumped!

Have another answer? Share your knowledge.