Setting up a subdomain that uses a wildcard SSL certificate, using WHM on a VPS from inMotionHosting

cybercour.se is hosted with inMotionHosting, on a VPS. I wanted the site and all its subdomains to use https exclusively. I bought a wildcard SSL from sslcertificate.com. inMotion installed it, for a small fee. So far, so good.

I set up a subdomain (wiki.cybercour.se) as usual. No problem. 

This article showed how to force all http traffic to use https instead. It involves editing the .htaccess file in the subdomain's root. No problem.  

This is a Drupal site. When I use Drush to update Drupal core, the changes to .htaccess will be lost. I don't know what the best way to handle that is.

When I went to https://wiki.cybercour.se, I got the page at https://cybercour.se. Problem!

I messed about for hours trying to fix this. I won't bore you with the detail, just show you what worked for me.

Here are the steps:

  1. Find the VirtualHost configuration for _wildcard_.yoursite.com.
  2. Adjust it for the subdomain - but be careful!
  3. Use WHM (a control panel thingy inMotion provides) to add the new VirtualHost definition to Apache's config.
  4. Restart Apache.

You'll need root access for this. Request it from inMotion.

I needed to do the stuff below for my main site as well, not just the subdomains. Otherwise, browsers would report sec_error_revoked_certificate. Just me? No idea. Applies to you? No idea.

1. Find the VirtualHost https configuration for _wildcard_.yoursite.com

This is in httpd.conf. I expected to find that file under /etc somewhere. However, inMotion puts it in /usr/local/apache/conf. 

Search the file for a VirtualHost entry with 443 as the port. There will be more than one. Look for the one with _wildcard_ in it. It will look something like this:

  1. <VirtualHost xxx.xxx.xxx.xxx:443>
  2.     ServerName _wildcard_.yoursite.com
  3.     ServerAlias *.yoursite.com
  4.     DocumentRoot /home/you/public_html
  5.     ServerAdmin webmaster@yoursite.com
  6.     UseCanonicalName Off
  7.     CustomLog /path/_wildcard_.yoursite.com combined
  8.     CustomLog /path/_wildcard_.yoursite.com-bytes_log "%{%s}t %I .\n%{%s}t %O ."
  9. ...
  10.     ScriptAlias /cgi-bin/ /home/you/public_html/cgi-bin/
  11.     SSLEngine on
  12.     
  13.     SSLCertificateFile /path/_wildcard__yoursite_com_long_hex_number.crt
  14.     SSLCertificateKeyFile /path/long_hex_number.key
  15.     SSLCACertificateFile /path/strange_file_name.cabundle
  16.     CustomLog /path/_wildcard_.yoursite.com-ssl_log combined
  17.     SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
  18.     <Directory "/home/you/public_html/cgi-bin">
  19.         SSLOptions +StdEnvVars
  20.     </Directory>
  21. ...
  22. </VirtualHost>

Make a copy of this and put it in your fave editor.

2. Adjust the config for the subdomain - but be careful!

Adjust the URL, site root, and log files, but don't mess with the SSL stuff.

Let's take line 2:

ServerName _wildcard_.yoursite.com

Your subdomain is subby, so change it to:

ServerName subby.yoursite.com

Line 3 is:

ServerAlias *.yoursite.com

Make it something like:

ServerAlias www.subby.yoursite.com

(Actually, I'm not sure about that one, but nothing has blown up. Yet.)

Line 4:

DocumentRoot /home/you/public_html

This is the path to your subsite's files on the server. Make it...

DocumentRoot /home/you/subdomains/subby

... or whatever the right path is. 

Line 5:

ServerAdmin webmaster@yoursite.com

You know what to do with that.

Line 7:

CustomLog /path/_wildcard_.yoursite.com combined

... becomes ...

CustomLog /path/subby.yoursite.com combined

Same thing for line 8.

Line 10 is:

ScriptAlias /cgi-bin/ /home/you/public_html/cgi-bin/

Add the path to your own site's root:

ScriptAlias /cgi-bin/ /home/you/subdomains/subby/cgi-bin/

Line 13 is:

SSLCertificateFile /path/_wildcard__yoursite_com_long_hex_number.crt

Don't change it!

This is a path to a specific SSL file. Suppose you changed the file name to subby_yoursite_com_long_hex_number.crt. That file does not exist. Things will break. You will be sad.

Here are lines 16 and 18:

CustomLog /path/_wildcard_.yoursite.com-ssl_log combined
...
<Directory "/home/you/public_html/cgi-bin">

Change them to:

CustomLog /path/subby.yoursite.com-ssl_log combined
...
<Directory "/home/you/subdomains/subby/cgi-bin">

Done with this step. Hooray!
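
The edit in step 2 as a script, added here as an example (not part of the original post): it rewrites the name, alias, site root and log paths, copies every SSL* line unchanged, and shows how a blanket replace of _wildcard_ produces the nonexistent .crt name warned about above. The function names and the trimmed sample block are assumptions built from the page's placeholders.

```python
# Constructed sample: the page's wildcard VirtualHost, elided ("...") lines left out.
WILDCARD_VHOST = """\
<VirtualHost xxx.xxx.xxx.xxx:443>
    ServerName _wildcard_.yoursite.com
    ServerAlias *.yoursite.com
    DocumentRoot /home/you/public_html
    ServerAdmin webmaster@yoursite.com
    CustomLog /path/_wildcard_.yoursite.com combined
    ScriptAlias /cgi-bin/ /home/you/public_html/cgi-bin/
    SSLEngine on
    SSLCertificateFile /path/_wildcard__yoursite_com_long_hex_number.crt
    SSLCertificateKeyFile /path/long_hex_number.key
    SSLCACertificateFile /path/strange_file_name.cabundle
    CustomLog /path/_wildcard_.yoursite.com-ssl_log combined
    <Directory "/home/you/public_html/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
</VirtualHost>
"""

def ssl_lines(vhost):
    """SSL* directive lines, in order; these must survive the edit unchanged."""
    return [ln for ln in vhost.splitlines() if ln.strip().startswith("SSL")]

def naive_rename(vhost, sub):
    """Blanket search-and-replace, shown for contrast: it also hits the .crt path."""
    return vhost.replace("_wildcard_", sub)

def make_subdomain_vhost(vhost, sub, domain, old_root, new_root):
    """Rewrite name, alias, site root and log paths; copy SSL* lines verbatim."""
    out = []
    for line in vhost.splitlines():
        indent = line[:len(line) - len(line.lstrip())]
        directive = line.strip().split(None, 1)[0] if line.strip() else ""
        if directive.startswith("SSL"):
            pass  # certificate, key and CA bundle paths stay byte-for-byte
        elif directive == "ServerAlias":
            line = f"{indent}ServerAlias www.{sub}.{domain}"
        else:
            line = line.replace(f"_wildcard_.{domain}", f"{sub}.{domain}")
            line = line.replace(old_root, new_root)
        out.append(line)
    result = "\n".join(out) + "\n"
    if ssl_lines(result) != ssl_lines(vhost):
        raise ValueError("SSL directives changed; refusing to emit config")
    return result

if __name__ == "__main__":
    print(make_subdomain_vhost(WILDCARD_VHOST, "subby", "yoursite.com",
                               "/home/you/public_html", "/home/you/subdomains/subby"))
```

A wildcard certificate for *.yoursite.com matches a single label, so it covers subby.yoursite.com but not www.subby.yoursite.com; browsers will report a name mismatch for the www alias over https.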

3. Use WHM to add the new VirtualHost definition to Apache's config.

Log in to WHM as root. Go to the Apache configuration page. Click on Include Editor. This lets you add custom stuff to httpd.conf, without editing the file directly.

Go to the section Pre Virtual Host Include. Whatever you add here will be shoved into httpd.conf, in the VirtualHost section.

There'll be a dropdown to select the Apache version you want to configure. I selected All versions.

A textarea will appear. It might have some stuff in it already. Leave it there. You'll be adding your stuff under that.

Paste in the text you edited in step 2 above. Click the Update button.

WHM will run a syntax check of your config. Fix any errors before proceeding. 

4. Restart Apache

Do it. 

Achievement awarded!

You should now be able to access https://subby.yoursite.com. Woohoo! You rock!

Dubitation is appropriate here. I'm no expert on this stuff. There may well be a better way to do this. YMMV, and all that.