Hello,
I’m using VPS with CentOS 7 and Cyberpanel Ver. 2.3
Actually, I have 3 domains named: abc.com, pqrs.com, and xyz.com from these 3 one of my domain named pqrs.com got expired because there’s no need for that but my databases of pqrs.com still on my VPS. Now the resultant for other 2 domains named abc.com and xyz.com subdomain named go.abc.com and goes.xyz.com’s SSL certificate shows in the name of pqrs.com when I’m using browsers to visit my website, a security risk message displayed and shows connection is not secure.
Recently, I have deleted my domain named pqrs.com from the Cyberpanel, but the problem is still present.
How to resolve this?
Hello @Emilia
Verify the virtual host configurations for your subdomains in CyberPanel to ensure they are not still referencing the expired domain’s certificate.
Please Review my httpd_config.conf 
#
# PLAIN TEXT CONFIGURATION FILE
#
#It not set, will use host name as serverName
serverName
user nobody
group nobody
priority 0
autoRestart 1
chrootPath /
enableChroot 0
inMemBufSize 60M
swappingDir /tmp/lshttpd/swap
autoFix503 1
gracefulRestartTimeout 300
mime conf/mime.properties
showVersionNumber 0
adminEmails root@localhost
indexFiles index.html, index.php
disableWebAdmin 0
errorlog logs/error.log {
logLevel DEBUG
debugLevel 0
rollingSize 10M
enableStderrLog 1
}
accessLog logs/access.log {
rollingSize 10M
keepDays 30
compressArchive 0
logReferer 1
logUserAgent 1
}
expires {
enableExpires 1
expiresByType image/*=A604800,text/css=A604800,application/x-javascript=A604800,application/javascript=A604800,font/*=A604800$
}
tuning{
maxConnections 10000
maxSSLConnections 10000
connTimeout 300
maxKeepAliveReq 10000
smartKeepAlive 0
keepAliveTimeout 5
sndBufSize 0
rcvBufSize 0
gzipStaticCompressLevel 6
gzipMaxFileSize 10M
eventDispatcher best
maxCachedFileSize 4096
totalInMemCacheSize 20M
maxMMapFileSize 256K
totalMMapCacheSize 40M
useSendfile 1
fileETag 28
SSLCryptoDevice null
maxReqURLLen 32768
maxReqHeaderSize 65536
maxReqBodySize 2047M
maxDynRespHeaderSize 32768
maxDynRespSize 2047M
enableGzipCompress 1
enableBrCompress 4
enableDynGzipCompress 1
gzipCompressLevel 6
brStaticCompressLevel 6
compressibleTypes default
gzipAutoUpdateStatic 1
gzipMinFileSize 300
quicEnable 1
quicShmDir /dev/shm
}
accessDenyDir{
dir /
dir /etc/*
dir /dev/*
dir conf/*
dir admin/conf/*
}
fileAccessControl{
followSymbolLink 1
checkSymbolLink 0
requiredPermissionMask 000
restrictedPermissionMask 000
}
perClientConnLimit{
staticReqPerSec 0
dynReqPerSec 0
outBandwidth 0
inBandwidth 0
softLimit 10000
hardLimit 10000
gracePeriod 15
banPeriod 300
}
CGIRLimit{
maxCGIInstances 20
minUID 11
minGID 10
priority 0
CPUSoftLimit 10
CPUHardLimit 50
memSoftLimit 1460M
memHardLimit 1470M
procSoftLimit 400
procHardLimit 450
}
accessControl{
allow ALL
deny
}
extProcessor lsphp{
type lsapi
address uds://tmp/lshttpd/lsphp.sock
maxConns 10
env PHP_LSAPI_CHILDREN=10
env LSAPI_AVOID_FORK=200M
initTimeout 60
retryTimeout 0
persistConn 1
pcKeepAliveTimeout
respBuffer 0
autoStart 1
path $SERVER_ROOT/lsphp73/bin/lsphp
backlog 100
instances 1
priority 0
memSoftLimit 2047M
memHardLimit 2047M
procSoftLimit 1400
procHardLimit 1500
}
scriptHandler{
add lsapi:lsphp php
}
railsDefaults{
binPath
railsEnv 1
maxConns 1
env LSAPI_MAX_IDLE=60
initTimeout 60
retryTimeout 0
pcKeepAliveTimeout 60
respBuffer 0
backlog 50
runOnStartUp 3
extMaxIdleTime 300
priority 3
memSoftLimit 2047M
memHardLimit 2047M
procSoftLimit 500
procHardLimit 600
}
wsgiDefaults{
binPath
railsEnv 1
maxConns 5
env LSAPI_MAX_IDLE=60
initTimeout 60
retryTimeout 0
pcKeepAliveTimeout 60
respBuffer 0
backlog 50
runOnStartUp 3
extMaxIdleTime 300
priority 3
memSoftLimit 2047M
memHardLimit 2047M
procSoftLimit 500
procHardLimit 600
}
nodeDefaults{
binPath
railsEnv 1
maxConns 5
env LSAPI_MAX_IDLE=60
initTimeout 60
retryTimeout 0
pcKeepAliveTimeout 60
respBuffer 0
backlog 50
runOnStartUp 3
extMaxIdleTime 300
priority 3
memSoftLimit 2047M
memHardLimit 2047M
procSoftLimit 500
procHardLimit 600
}
virtualHost Example{
vhRoot Example/
allowSymbolLink 1
enableScript 1
restrained 1
maxKeepAliveReq
smartKeepAlive
setUIDMode 0
chrootMode 0
configFile conf/vhosts/Example/vhconf.conf
}
listener Default{
map go.abc.com go.abc.com
map goes.xyz.com goes.xyz.com
map mail.abc.com mail.abc.com
map abc.com abc.com
map mail.xyz.com mail.xyz.com
map xyz.com xyz.com
map mail.pqrs.com mail.pqrs.com
map pqrs.com pqrs.com
address *:80
secure 0
}
vhTemplate centralConfigLog{
templateFile conf/templates/ccl.conf
listeners Default
}
vhTemplate EasyRailsWithSuEXEC{
templateFile conf/templates/rails.conf
listeners Default
}
module cache {
ls_enabled 1
checkPrivateCache 1
checkPublicCache 1
maxCacheObjSize 10000000
maxStaleAge 200
qsCache 1
reqCookieCache 1
respCookieCache 1
ignoreReqCacheCtrl 1
ignoreRespCacheCtrl 0
enableCache 0
expireInSeconds 3600
enablePrivateCache 0
privateExpireInSeconds 3600
}
virtualHost pqrs.com {
vhRoot /home/$VH_NAME
configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhost.conf
allowSymbolLink 1
enableScript 1
restrained 1
}
listener SSL {
map go.abc.com go.abc.com
map goes.xyz.com goes.xyz.com
map mail.abc.com mail.abc.com
map abc.com abc.com
map mail.xyz.com mail.xyz.com
map xyz.com xyz.com
map mail.pqrs.com mail.pqrs.com
address *:443
secure 1
keyFile /etc/letsencrypt/live/pqrs.com/privkey.pem
certFile /etc/letsencrypt/live/pqrs.com/fullchain.pem
certChain 1
sslProtocol 24
ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA$
enableECDHE 1
renegProtection 1
sslSessionCache 1
enableSpdy 15
enableStapling 1
ocspRespMaxAge 86400
map pqrs.com pqrs.com
}
virtualHost mail.pqrs.com {
vhRoot /home/pqrs.com
configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhost.conf
allowSymbolLink 1
enableScript 1
restrained 1
}
virtualHost xyz.com {
vhRoot /home/$VH_NAME
configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhost.conf
allowSymbolLink 1
enableScript 1
restrained 1
}
virtualHost mail.xyz.com {
vhRoot /home/xyz.com
configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhost.conf
allowSymbolLink 1
enableScript 1
restrained 1
}
virtualHost abc.com {
vhRoot /home/$VH_NAME
configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhost.conf
allowSymbolLink 1
enableScript 1
restrained 1
}
virtualHost mail.abc.com {
vhRoot /home/abc.com
configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhost.conf
allowSymbolLink 1
enableScript 1
restrained 1
}
virtualHost goes.xyz.com {
vhRoot /home/xyz.com
configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhost.conf
allowSymbolLink 1
enableScript 1
restrained 1
}
virtualHost go.abc.com {
vhRoot /home/abc.com
configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhost.conf
allowSymbolLink 1
enableScript 1
restrained 1
}
listener SSL IPv6 {
address [ANY]:443
secure 1
keyFile /etc/letsencrypt/live/pqrs.com/privkey.pem
certFile /etc/letsencrypt/live/pqrs.com/fullchain.pem
certChain 1
sslProtocol 24
enableECDHE 1
renegProtection 1
sslSessionCache 1
enableSpdy 15
enableStapling 1
ocspRespMaxAge 86400
map pqrs.com pqrs.com
}
Please advice me where I can make changes.
Thanks
Without digging deep into this issue first of all I will suggest you to move all of your sites as soon as possible away from centos 7.
Hello,
Some interesting thing happened:
-
When I can set abc.com as SSL Listener ( IPv4 & IPv6), then xyz.com work fine. While abc.com shows 404 error.
-
When I can set xyz.com as SSL Listener ( IPv4 & IPv6), then abc.com work fine. While xyz.com shows 404 errors.
-
When I set anyone either abc.com or xyz.com as SSL Listener ( IPv4 & IPv6) and Restart OpenLiteSpeed, then for 10-15 min both domains and subdomain’s works fine.
-
How can?
Thanks