Install SSL on shared IP

Portal Home > Knowledgebase > Articles Database > Install SSL on shared IP

Posted by mark103, 04-30-2017, 02:30 PM
Hi all, I need your help with SSL on shared IP. I have SSL on my server which it show that the certificate has not been verified but the certificate is secure on TLS 1.2. Here is the picture: http://i.imgur.com/IkU2S9j.jpg Do you know how I can get the SSL certificate on my server IP? What I need to do to get it working? I use CentOS 6.9. Thanks in advance
Posted by BoomHost-Kumar, 04-30-2017, 03:01 PM
If you already have a SSL cert then what domain/sub-domain is it issued for? Your screenshot shows that you are trying to hit the HTTPS URL using the IP address. Try using the FQDN that is currently associated with the cert.
Posted by mark103, 04-30-2017, 03:21 PM
Yeah that is correct. Is that possible if I can issue SSL cert for the IP address?? how I can get FQDN install the SSL cert on my server as I use CentOS 6.9??
Posted by BoomHost-Kumar, 04-30-2017, 03:30 PM
Yes, it is possible to buy SSL cert from a commercial CA (Certificate Authority) and issued to an IP address as long as it is a Public IP (Internet Routable) address. If you are going to be issuing/using a cert issued to an IP address then you don't have to worry about using FQDN (Fully Qualified Domain Name) as there will be no domain name involved. Refer to https://wiki.centos.org/HowTos/Https for instructions on setting up SSL/HTTPS on a CentOS. If you have control panel like cPanel running on that server then the process will be different and actually easier compare to the above.
Posted by mark103, 04-30-2017, 03:43 PM
Why do I need to buy SSL certificate when I have a software on my server that can give me free SSL certificate in every 3 months?? I do have cPanel, but how I can use the server IP to install the cert as I don't have the domain name?? Do you know what I need to do?
Posted by floxera-jose, 04-30-2017, 04:24 PM
You only need to add a rule in your .htaccess to forward all the visitors to https. Google might be your friend in this issue.
Posted by Phil McKerracher, 04-30-2017, 04:38 PM
It sounds like you have Letsencrypt on your server and a version of cPanel that can use it. In that case all you have to do is click the Letsenrypt button and a new certificate will be generated for your domain and installed on the server. It doesn't matter what the server name or IP address is or what version of operating system you are using.
Posted by mark103, 04-30-2017, 05:04 PM
I have Lets Encrypt SSL on the cPanel. I can only add the domain name in the list so it will only show SSL for my domain name, not my IP address. I dont know what to do. Can you help?
Posted by BoomHost-Kumar, 04-30-2017, 05:20 PM
To be quiet honest I don't think I personally ever issued a cert bonded to an IP addres via cPanel (have done it in the Windows world). Hopefully, someone might be able to chime in here and assist you better... You did say "Shared IP" which makes me curious if this is a server at a "Shared Hosting" environment or a server that you manage and only runs your own websites that all "share" the same IP?
Posted by linux4me, 04-30-2017, 06:47 PM
It sounds like your host has AutoSSL enabled on cPanel. The certificates by default come from cPanel, but there is a Let's Encrypt plugin available for it too if your host has set that up. I've only used AutoSSL from WHM, not cPanel, but I expect it will behave the same from cPanel. When you activate it for a domain, AutoSSL installs a certificate on each domain and subdomain of that domain. AutoSSL does work on shared IP addresses in current versions of WHM.
Posted by mark103, 04-30-2017, 07:24 PM
My server don't have AutoSSL as I've tried to install it via putty commend: When I try it, it will come up with this: I don't really know what to do as I can't find out where I can find the directory is on my server as I don't think I do have one. And I can't find on the internet where I could get the autossl from so I could use it via wget to download the file on my server and install it. Can you help?? I use CentOS 6.9 (Final)
Posted by linux4me, 04-30-2017, 07:35 PM
AutoSSL is independent of Let's Encrypt, and I believe as of the current version of WHM (64), Let's Encrypt isn't installed by default, but you don't need it, as there is a Comodo-supported cPanel alternative for domain-validated SSL certs in AutoSSL. I may have misunderstood. Do you have access to WHM or just cPanel? If you have access to WHM, you just go SSL/TLS -> Manage AutoSSL -> Choose an AutoSSL provider -> Save. Following that, you can enable AutoSSL for each account (or all of them) on the server using the "Manage Users" tab. AutoSSL won't show up in each accounts' cPanel unless it is enabled in WHM -> Packages -> Feature Manager -> default. You can find more info about AutoSSL in the cPanel docs.
Posted by mark103, 04-30-2017, 08:00 PM
I don't have SSL/TLS on my server, because my cPanel and WHM version is 56.0 (build 47). I will need to upgrade it, but I can't upgrade it because I will get this: My operating system is (include version): CentOs 6.9 (Final) 32-bit My web server is (include version): i686 i686 i386 GNU/Linux I'm using a control panel to manage my site as the version of the control panel is: 56.0 (build 47) Do you know why I can't update the latest version for cPanel and WHM??
Posted by ForgottenTech, 04-30-2017, 08:23 PM
Why are you not using CentOS 7? How old is this server? Not to mention your not using x64 bit? Sent from my iPhone 7 Plus using Tapatalk
Posted by linux4me, 05-01-2017, 12:18 PM
I think the reason you can't upgrade WHM/cPanel is because you are still using a 32-bit OS. The current version of WHM/cPanel is only available for 64-bit, I think. Take a look at their system requirements for v. 62. They're up to v. 64. It looks like you'd have to upgrade your OS, then upgrade WHM/cPanel. Oh, and by the way, you can still be using CentOS 6.x. There are some advantages; for example, there's a cPanel-hardened kernel available for CentOS 6, but not for CentOS 7 yet.
Posted by Phil McKerracher, 05-01-2017, 12:43 PM
If the OS is not supported any more (by cPanel) it's probably insecure and therefore it's a very good idea to upgrade it soon before it's hacked. However, if you're wondering how to do that exactly, can I just say from experience that you are likely to hit compatibility problems in the process so make sure you have good backups and plenty of time. I find the best way is to rent a completely new server (maybe even at a different hosting company) and move sites over one by one using backup and restore.
Posted by mark103, 05-01-2017, 02:52 PM
Oh I see, so is WHM/cPanel not supporting on 32-bit anymore for upgrading? If so I will have to sort it out on my server to move all of my files to my computer and then I will have to reinstall the OS with CentOS 64-bit so hopefully it won't give me anymore problems. Before I do this, let me ask you a question. If I upgrade to CentOS 6.9 64bit and install AutoSSL on my server, would they support SSL for IP Address?
Posted by mark103, 05-01-2017, 02:56 PM
I could upgrade to CentOS 7, but I am not sure if I should do. Are there going to be alot of RAM I would need if I upgrade to CentOS 7 64-bit? I have got 4GB of ram on my server and I don't want the RAM to be eaten alot when I run the OS, the software, cPanel and WHM at the same time.
Posted by mark103, 05-01-2017, 02:58 PM
Thank you very much for your advice, I'd agree with you as it is a good idea to upgrade it before it get hacked. I have been hacked quite few times when I used the old version of CentOS so I don't want this happens again this time. Do you recommend if I should upgrade to CentOS 6.9 64-bit if they are more secure??
Posted by mjfleming, 05-01-2017, 03:01 PM
CentOS 6 EOL is 2020.... y u do this cPanel?~
Posted by Phil McKerracher, 05-01-2017, 03:31 PM
I haven't used CentOS recently, sorry, I prefer Ubuntu because it's more comprehensive and up to date. But any of the "Grade A" systems here should be OK https://www.virtualmin.com/os-support.html
Posted by linux4me, 05-01-2017, 03:32 PM
Going by what I see on that link to their system requirements, it does look like cPanel is no longer supporting 32-bit. I am running CentOS 6.x 64-bit on a VPS with WHM/cPanel v. 64, and it has AutoSSL included, so I don't think you'll have to install AutoSSL, just enable it. If I understand you what you are asking, with AutoSSL you do not need to have a dedicated IP address to install a domain-validated AutoSSL certificate for a domain.
Posted by ashley9, 05-02-2017, 05:00 PM
Youjust need to add a specific rule in your .htaccess file to divert or forward all of the visitors to https. & Google might be going help in this issue.