The freebsd server is ISPmanager-Lite 4.4.10.28, and the web server is running nginx + apache

There are several sites (domains) on the server and the problem is that if you set at least one of them a ssl checkbox, the rest of the sites become accessible via https, while, of course, an error like this appears:

Failed to confirm that this is the server domain.ru. His safety certificate refers to www.ssldomain.ru. Perhaps the server is configured incorrectly or someone is trying to intercept

If you uncheck ssl for all domains, then https stops responding. The checkmark adds the following lines to nginx config:

server { ............ server_name ssldomain.ru; ............ listen 89.108.121.130:443 ssl; ............ ssl_certificate /home/httpd-cert/user/cert.chained.crt; ssl_certificate_key /home/httpd-cert/user/cert.key; }

These lines are not added to other domains. How to make something necessary for me to answer the domain via https, and the rest do not? Thank!

  • worked with isp 4 lite, but there were no such errors. Try writing and / or updating to the latest stable version on the ispsystems forum . - Alex

1 answer 1

if other domains you rezolvitsya in the same ip-address, then you will not "protect" any of the domains from ssl-connections. first, an ssl connection is established, and only then you can do something “fencing”: return an error, redirect, etc.

free translation of the answer from another site with additions:

without sni (server name indication), the domain name ( hostname ) is part of the encrypted information (and it becomes available for decryption only after an ssl connection is established).

but even with sni, the browser will not accept redirections from the server without installing an ssl connection (https handshake + validation).