
CPanel, WHM, Wildcard Certificates, Subdomains, Oh My!

So, what a day today has been!  Usually when you think of installing SSL certificates (if you have installed them before) you think it will take you no more than an hour to set the whole thing up, right?  Well, not when it involves CPanel/WHM and wildcard certificates!

This took me hours of figuring out, and I even resorted to asking numerous programmers that I know to help out (one of them sent me a long letter to say he doesn’t like the fact that I am asking him this question unless he charges me), as well as working with the hosting company on the situation, all of which turned out to be dead ends.  I really hope my time spent on this will help others out without the annoying responses that are spread all throughout the web on this subject.

Here is the situation:

I have a wildcard certificate purchased from GoDaddy. In order to install this certificate I needed to set the user to nobody during installation; the user field is next to the domain text field when you install a certificate through WHM.  This field is usually populated with the user for that domain, but it needed to be changed to “nobody”.  Installation finished.

With the certificate installed I now wanted to see it in action.  I went to www.mydomain.com and it WORKED!  Sweet, I’m on my way!  Then, I attempted to go to username.mydomain.com and it worked too!! We are on a roll.  Now, I wanted to make sure admin.mydomain.com worked, and it failed miserably. The admin subdomain was added to my main domain (from CPanel), and the document root for SSL was public_html even though for port 80 traffic it was public_html/admin.  This is the issue.

The fix is really simple.

People were saying that you needed to have all your subdomains in separate accounts in CPanel; they were talking about copying and pasting SSL files from place to place with different user accounts, then compiling them all together and hoping it doesn’t break.

I started by modifying the httpd.conf file itself and decided, with the strong suggestion from CPanel comments in the file, not to do that… smart, huh. With a little bit of research into the include files that CPanel supplies, I was able to find one that would make all this possible.

I will lay out exactly what I did in the steps below:

  1. Go to
    /usr/local/apache/conf/httpd.conf
  2. Scroll down to the virtual host containers for port 443.
  3. Copy one of the full containers (including the surrounding <IfDefine SSL>) and paste it into a text document somewhere (most likely your *. definition).
  4. Go to
    /etc/httpd/conf/includes/pre_virtualhost_2.conf

    (may be different for your install)

  5. Paste the virtual host container you copied to your text file into this include file.
  6. Modify the virtual host container to reflect the subdomain you are trying to set up.
  7. Run:
    /usr/local/cpanel/bin/apache_conf_distiller --update
  8. Run:
    /usr/local/cpanel/bin/build_apache_conf
  9. Restart Apache.
  10. Repeat steps 5 through 9 as needed.

Here is a sample port 443 virtualhost container, copied and modified, to be added to pre_virtualhost_2.conf:

<IfDefine SSL>
<VirtualHost xxx.xxx.xx.xxx:443>
     ServerName admin.mydomain.com
     DocumentRoot /home/mydomain.com/public_html/admin
     ServerAdmin webmaster@mydomain.com
     UseCanonicalName off
     CustomLog /usr/local/apache/domlogs/admin.mydomain.com combined
     CustomLog /usr/local/apache/domlogs/admin.mydomain.com-bytes_log "%{%s}t %I .\n%{%s}t %O ."

     ## User dswa # Needed for Cpanel::ApacheConf
     <IfModule mod_suphp.c>
          suPHP_UserGroup nobody nobody
     </IfModule>

     <IfModule !mod_disable_suexec.c>
          SuexecUserGroup nobody nobody
     </IfModule>

     ScriptAlias /cgi-bin/ /home/mydomain.com/public_html/cgi-bin/

     SSLEngine on
     SSLCertificateFile /etc/ssl/certs/*.mydomain.com.crt
     SSLCertificateKeyFile /etc/ssl/private/*.mydomain.com.key
     SSLCACertificateFile /etc/ssl/certs/*.mydomain.com.cabundle
     ErrorLog /usr/local/apache/domlogs/admin.mydomain.com-ssl_data_log
     CustomLog /usr/local/apache/domlogs/admin.mydomain.com-ssl_log combined
     SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

     <Directory "/home/mydomain.com/public_html/cgi-bin">
          SSLOptions +StdEnvVars
     </Directory>

     # To customize this VirtualHost use an include file at the following location
     # Include "/usr/local/apache/conf/userdata/ssl/2/mydomain.com/wildcard_safe.mydomain.com/*.conf"

</VirtualHost>
</IfDefine SSL>
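
A check for the symptom described above, as an added example (not code from the original post): it parses Apache virtual host containers and reports hostnames whose port 443 DocumentRoot differs from the port 80 one. The sample configs, the 192.0.2.10 address, the ServerAlias line on the wildcard vhost and the function names are assumptions, and vhost selection is modelled as the first matching container in file order.

```python
import re
from fnmatch import fnmatchcase
# Constructed samples: BEFORE has only the wildcard :443 vhost, FIX is the added one.
BEFORE = """
<VirtualHost 192.0.2.10:80>
  ServerName admin.mydomain.com
  DocumentRoot /home/mydomain.com/public_html/admin
</VirtualHost>
<VirtualHost 192.0.2.10:443>
  ServerName mydomain.com
  ServerAlias *.mydomain.com
  DocumentRoot /home/mydomain.com/public_html
</VirtualHost>
"""
FIX = """
<VirtualHost 192.0.2.10:443>
  ServerName admin.mydomain.com
  DocumentRoot /home/mydomain.com/public_html/admin
</VirtualHost>
"""

def parse_vhosts(text):
    """Return the vhosts in file order as dicts: port, names, root."""
    vhosts, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        opened = re.match(r"<VirtualHost\s+\S*:(\d+)", line, re.I)
        words = line.split()
        if opened:
            cur = {"port": opened.group(1), "names": [], "root": None}
            vhosts.append(cur)
        elif line.lower().startswith("</virtualhost"):
            cur = None
        elif cur and words and words[0].lower() in ("servername", "serveralias"):
            cur["names"] += [w.lower() for w in words[1:]]
        elif cur and len(words) > 1 and words[0].lower() == "documentroot":
            cur["root"] = words[1].strip('"').rstrip("/")
    return vhosts

def docroot_mismatches(text):
    """List (host, port-80 root, port-443 root) where the two roots differ."""
    vhosts, found = parse_vhosts(text), []
    for http in (v for v in vhosts if v["port"] == "80" and v["names"]):
        host = http["names"][0]
        # Assumed model: the first :443 vhost in file order that matches wins.
        ssl = next((v for v in vhosts if v["port"] == "443"
                    and any(fnmatchcase(host, n) for n in v["names"])), None)
        if ssl and ssl["root"] != http["root"]:
            found.append((host, http["root"], ssl["root"]))
    return found
```

Calling `docroot_mismatches(FIX + BEFORE)` returns an empty list, while `docroot_mismatches(BEFORE + FIX)` still flags the admin subdomain because the wildcard container is matched first.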

3 Responses to “CPanel, WHM, Wildcard Certificates, Subdomains, Oh My!”

  1. Oliver Says:

    Thanks for sharing your fix for this problem, I’ve not installed a wildcard on a cpanel but I usually use this guide (http://www.ssl247.co.uk/ssl-certificate-csr/cpanel.php) as a basis when installing SSLs. I’ll bookmark this though!

  2. Jesse Vista Says:

    Oliver… thanks for the comment. Yes, this situation was quite different. What I was attempting to do was beyond what CPanel supports at the moment. I really do hope this solves a lot of people’s headaches with similar situations.

  3. Chetan Madaan Says:

    Well,

    thanks so much upwebdesign for the solution. I did find a solution on cpanel site but even though it’s not worth it.
