#1
    SSL cert on same domain?!


    My host company Servage seem to say that they cannot host an SSL certificate on the same domain.
    For example if you have a site www.mysite.com, the SSL cannot also be active for www.mysite.com...something to do with the DNS.
    They say I have to have http on http://www.mysite.com and https on https://mysite.com

    WTF!

    Almost every site on the internet has SSL for the same domain that it is operating on doesn't it?
    Last edited by qwertyjjj; February 8th, 2013 at 04:34 PM.
#2
    Technically www.mysite.com and mysite.com are not the same domain. Usually only very large websites have certificates on both. Until recently, even Amazon did not have a valid certificate on both.

    If you want to have HTTPS at both addresses, you can either buy a separate certificate for each, or you can buy a wildcard certificate that covers both. Your host is correct that a normal single domain certificate will not work for both. That is by design, and there's nothing the host can do about it.
    PHP FAQ

    Originally Posted by Spad
    Ah USB, the only rectangular connector where you have to make 3 attempts before you get it the right way around
#3
    They weren't saying that www.yoursite.com cannot be both HTTP and HTTPS. It totally can. They were saying that www.yoursite.com and yoursite.com (no "www") cannot - at least not with the same certificate.
#4
    Originally Posted by requinix
    They weren't saying that www.yoursite.com cannot be both HTTP and HTTPS. It totally can. They were saying that www.yoursite.com and yoursite.com (no "www") cannot - at least not with the same certificate.
    The problem seems to be this in the DNS they have
    *.mysite.com A pointing to 71.xx.xx.xxx
    mysite.com A pointing to 71.xx.xx.xxx
    www.mysite.com A pointing to 78.xx.xx.xxx

    The www now has the SSL cert, which is why it points to a different IP.

    So, doesn't this mess up my site? If a user goes to http://www.mysite.com,
    it's going to pick up the wrong DNS entry?
#5
    If a user goes to www.mysite.com it's going to send the request to the IP 78.xx.xx.xxx. Whether that's wrong or messes up your site isn't something I can answer. If your site is working correctly, then it's not wrong. If your site isn't working correctly, then it might be wrong.
#6
    Originally Posted by E-Oreo
    If a user goes to www.mysite.com it's going to send the request to the IP 78.xx.xx.xxx. Whether that's wrong or messes up your site isn't something I can answer. If your site is working correctly, then it's not wrong. If your site isn't working correctly, then it might be wrong.
    The 78 is the shared SSL. In other words, I will not be able to access my site on http://www.mydomain.com because the DNS will never pick it up.
#7
    You can't have separate DNS entries for HTTP and HTTPS. DNS only operates at the domain name level, it can't deal with ports or services at all.

    A web server that is configured to serve HTTPS traffic is nearly always configured to serve HTTP traffic too.

    Given the way your DNS records are set up, I would expect 78.xx.xx.xxx and 71.xx.xx.xxx to be the same physical server. I would also expect http://mysite.com/, http://www.mysite.com/ and https://www.mysite.com/ to all serve the same content. The first would resolve to the 71 address, and the latter two would resolve to the 78 address.

    However, the fact that you say "shared" SSL is a potential red flag. When a host refers to SSL as being "shared" it means there are some caveats to the way the system is set up that make it not operate like a standard SSL setup. Often the caveat is that you have to access the secured site over the host's domain name (so that you don't have to buy your own certificate), although there is no official technical definition of "shared" SSL so it could mean whatever the host wants it to mean.

    What actually happens right now when you try to visit http://www.mydomain.com/? Do you get a 404 page? Does the connection time out?
#8
    Originally Posted by E-Oreo
    You can't have separate DNS entries for HTTP and HTTPS. DNS only operates at the domain name level, it can't deal with ports or services at all.

    A web server that is configured to serve HTTPS traffic is nearly always configured to serve HTTP traffic too.

    Given the way your DNS records are set up, I would expect 78.xx.xx.xxx and 71.xx.xx.xxx to be the same physical server. I would also expect http://mysite.com/, http://www.mysite.com/ and https://www.mysite.com/ to all serve the same content. The first would resolve to the 71 address, and the latter two would resolve to the 78 address.

    However, the fact that you say "shared" SSL is a potential red flag. When a host refers to SSL as being "shared" it means there are some caveats to the way the system is set up that make it not operate like a standard SSL setup. Often the caveat is that you have to access the secured site over the host's domain name (so that you don't have to buy your own certificate), although there is no official technical definition of "shared" SSL so it could mean whatever the host wants it to mean.

    What actually happens right now when you try to visit http://www.mydomain.com/? Do you get a 404 page? Does the connection time out?
    I get a "the server is redirecting in a way that cannot complete" error.
    Some kind of loop that WordPress must be doing, to do with sessions or other.
#9
    Try testing it with just a plain .html file so you can rule out or rule in problems with WordPress. But yes, I agree that it's probably a problem with WordPress.
#10
    What is the correct way to set up the DNS so that
    http://www.mysite.com goes to IP 71.xx.xx.xxx
    and https://www.mysite.com goes to IP 78.xx.xx.xxx?

    Current DNS:
    *.mysite.com A pointing to 71.xx.xx.xxx
    mysite.com A pointing to 71.xx.xx.xxx
    www.mysite.com A pointing to 78.xx.xx.xxx
#11
    What is the correct way to set up the DNS so that
    http://www.mysite.com goes to IP 71.xx.xx.xxx
    and https://www.mysite.com goes to IP 78.xx.xx.xxx?
    It is impossible to do that. There is no way to configure DNS so that HTTP goes to one IP and HTTPS goes to a different IP.
#12
    Originally Posted by E-Oreo
    It is impossible to do that. There is no way to configure DNS so that HTTP goes to one IP and HTTPS goes to a different IP.
    But this is how the hosting company proposes to set up the DNS.
    Perhaps the SSL goes through a reverse-proxy-type setup?
#13
    Originally Posted by E-Oreo
    Technically www.mysite.com and mysite.com are not the same domain. Usually only very large websites have certificates on both. Until recently, even Amazon did not have a valid certificate on both.
    If you want to have HTTPS at both addresses, you can either buy a separate certificate for each, or you can buy a wildcard certificate that covers both. Your host is correct that a normal single domain certificate will not work for both. That is by design, and there's nothing the host can do about it.
    I do agree with E-Oreo that mysite.com and www.mysite.com are totally different. But that does not mean you have to buy a wildcard SSL or multi-domain SSL certificate. You simply buy a domain SSL certificate from GeoTrust and RapidSSL; bear in mind to buy the SSL certificate for www.mysite.com, not for mysite.com.

    A dedicated IP address is required to secure your www.mysite.com and mysite.com with a RapidSSL certificate or a GeoTrust QuickSSL Premium certificate. So you need the same IP address for both domain names, like:
    Mysite.com: 71.xx.xx.xxx
    www.mysite.com: 71.xx.xx.xxx
    SSLMatrix - Leading SSL Certificate provider.
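
The certificate question raised in posts #2 and #13 comes down to how a client compares the requested hostname with the names listed in the certificate's Subject Alternative Name (SAN) extension. The following is an added example, not code from any poster in this thread; the SAN lists are constructed for illustration and the matcher is a simplified version of the usual rule (a `*` stands for exactly one left-most label).

```python
# Added example: matching a hostname against a certificate's dNSName SANs.
# SAN lists are constructed for illustration, not read from real certificates.

def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.lower().rstrip(".").split(".")

def san_matches(pattern, hostname):
    """Return True if one SAN entry covers hostname.

    '*' is honoured only as the whole left-most label and stands for exactly
    one label, so '*.mysite.com' covers 'www.mysite.com' but not 'mysite.com'
    and not 'a.b.mysite.com'. Simplified: no IDN or public-suffix handling.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse '*.com'-style patterns; compare everything right of the '*'.
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h

def cert_covers(san_list, hostname):
    """A certificate is valid for hostname if any SAN entry matches."""
    return any(san_matches(s, hostname) for s in san_list)

# Constructed SAN lists for the certificate layouts discussed in the thread.
CERTS = {
    "single name (www)": ["www.mysite.com"],
    "wildcard only": ["*.mysite.com"],
    "wildcard plus apex": ["*.mysite.com", "mysite.com"],
    "www plus apex": ["www.mysite.com", "mysite.com"],
}
HOSTS = ["mysite.com", "www.mysite.com", "shop.mysite.com"]

def coverage_table():
    """Map each certificate layout to the hostnames it is valid for."""
    return {label: {host: cert_covers(sans, host) for host in HOSTS}
            for label, sans in CERTS.items()}

if __name__ == "__main__":
    for label, row in coverage_table().items():
        covered = [h for h, ok in row.items() if ok]
        print(f"{label:20} -> {', '.join(covered)}")
```

Which names end up in the SAN list depends on the certificate product, so the issued certificate's SAN extension is the thing to check before pointing both hostnames at it.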
