Need help understanding an SSL problem.
Greetings all. I inherited a fairly high traffic website that I have been managing. Over the holiday the website went down. I shot off an email to support, and received the below reply, but I am not sure what to make of it.
I am fairly OK with Apache, in both the command line and using the WHM panel, but I really do not know much about SSL. Can anyone clarify this for me, or point me to some reading lists online that would help me understand what I need to do?
There appears to have been a conflict with an SSL configuration on this service. I was unable to determine the domain that was the cause of the issue, but received errors when restarting the Apache service. Note that if you wish to use SSLs you will need to request a separate IP address to assign to a particular domain. I suspended the domain in question, (mysite.com), and it suspended all domains. I have since removed the suspension on the domain, restarted the Apache service and the site appears to be responding at this time, but all content is pointing to (mysite.com). You will more than likely need to remove this domain, reconfigure the IP (xx.xx.xx.#*$!) as shared and then submit a request for an additional IP to be used for (mysite.com) if you require SSLs for this site. Please let us know if you require any further assistance or have any further questions.
To use SSL, the secure domain (or subdomain) must have a unique IP address, as stated in your host's message. To move this thread along, I'd suggest that you comment on this subject: Do you or do you not have a unique IP address for your "secure site"?
The reason that a non-shared/unique IP address is required is that SSL requests are encrypted from the very start of each HTTP request -- you can't even connect to the server if the request is made using HTTP instead of HTTPS (you cannot do a redirect from HTTPS to HTTP or any internal rewriting, or anything else, because no connection will be established if the protocol is not HTTPS). Therefore, once SSL is enabled, all requests to that IP address must be encrypted. So, if you were to try to share the IP address, then the entire site (i.e. entire server) would be SSL, and unless all of your domains and subdomains were set up for SSL, then you would likely "lock out" most of your users from all domains and subdomains that you attempted to share the IP address among.
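A way to find which domains collide under the one-SSL-site-per-IP rule described in this thread, which the host's support could not determine. This is an added example, not part of the original posts: the configuration text is constructed, the addresses are documentation IPs, and every domain other than mysite.com is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in Apache <VirtualHost> syntax (not the poster's real config).
SAMPLE_CONF = """\
<VirtualHost 192.0.2.10:80>
    ServerName othersite.example
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName mysite.com
    SSLEngine on
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName shop.example
    SSLEngine on
</VirtualHost>
<VirtualHost 192.0.2.20:443>
    ServerName secure.example
    SSLEngine on
</VirtualHost>
"""

BLOCK_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf):
    """Return (address, server_name, ssl_enabled) for every address of every vhost."""
    vhosts = []
    for addrs, body in BLOCK_RE.findall(conf):
        name = re.search(r"^\s*ServerName\s+(\S+)", body, re.M | re.I)
        ssl = re.search(r"^\s*SSLEngine\s+on\b", body, re.M | re.I) is not None
        for addr in addrs.split():  # one block may list several addresses
            vhosts.append((addr, name.group(1) if name else "(unnamed)", ssl))
    return vhosts

def ssl_ip_conflicts(conf):
    """Map each IP:port to its SSL site names when more than one SSL site uses it."""
    ssl_names = defaultdict(set)
    for addr, name, ssl in parse_vhosts(conf):
        if ssl:
            ssl_names[addr].add(name)
    return {a: sorted(n) for a, n in ssl_names.items() if len(n) > 1}

if __name__ == "__main__":
    for addr, names in ssl_ip_conflicts(SAMPLE_CONF).items():
        print(f"{addr}: more than one SSL site: {', '.join(names)}")
```

On a live server, `apachectl -S` prints the virtual hosts Apache actually loaded, which can be compared against this result.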