: How do I use CPanel to prevent the HTTPS URL for my site from showing somebody else's site? Currently if you go to the https of my site it just goes to another persons site on the server
Currently if you go to the https of my site it just goes to another persons site on the server nothing to do with me.
Anyway, how can I just turn it off port 443 using cPanel so it just either 404's or redirects to my http version instead
More posts by @Frith620
4 Comments
Sorted by latest first Latest Oldest Best
If you use the Apache server, which is likely if you are using CPanel, you can install a .htaccess file that either prohibits HTTPS access or uses URL rewriting to redirect HTTPS URLs to HTTP.
EDIT: As has been pointed out in the comments, what I've explained here isn't entirely true these days (perhaps I'm a bit old fashioned). It may still hold true if your host has not configured their servers for SNI, though.
Shared servers share IP addresses between multiple sites, and use the domain name in the request headers from the user's browser to determine which site to return.
SSL however requires one IP per site because the server doesn't know at first which domain is being requested (due to the request headers being encrypted). Thus it has to determine which site to return based on the IP address.
Multiple IP addresses can easily be bound to the same shared server, and this is how shared hosting supports SSL.
Most shared hosts use one IP on a server for all the non-secure sites, and then have a certain number of IPs they'll assign to each server for the purposes of SSL sites.
It sounds like in this case, the host has just given the main shared IP to one of the secure sites (either that or they've mistakenly set you up on the same IP they already assigned individually to that secure site).
This has the result you're seeing because that solitary secure site is bound to that IP address for HTTPS requests - irrespective of the domain name requested, because that can't be determined.
You can't do anything yourself to fix this. But what you should do is ask your host to assign their IP addresses properly, or if they won't, move hosts.
It does not appear that CPanal has functionality for disabling SSL for your domain for shared hosting situations. Rather, you should use the CPanel functionality for setting up SSL.
If you don't want to pay for a SSL certificate, you can generate and self-sign one yourself. Browsers won't allow users to access your SSL site without bypassing some scary looking warning dialog boxes, but at least it won't show somebody else's site. The full instructions for doing so are here: confluence2.cpanel.net/display/ALD/Generate+an+SSL+Certificate+and+Signing+Request
If you can pay for a certificate, the instructions for installing the certificate that you purchased are here: confluence2.cpanel.net/display/ALD/Purchase+and+Install+an+SSL+Certificate
This is more of a hint rather than an answer (since I don't have reputation points).
Something similar happened to me when I was playing around with nginx file, configuring SSL on a private server. If you are seeing a security error message in Google Chrome before redirection then its quite possible that the server was not configured properly. Being on a shared hosting, there's nothing much you can do since you don't have access to nginx/apache file.
And do note that, as mentioned in comments, shared hosting doesn't have such limitation. I have seen shared hosts providing SSL support without any problem.
Additionally, and this is just a recommendation, switch host! You don't want to be stuck in a security nightmare because of ill configured settings :)
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.