Default Site - If no SSL Certificate is setup

Hi there,

during some customer sites transfers from the old server to the new cleavr setup, I witnessed an issue with sites without SSL Certificate.

Basesetup

  • Created customer website without SSL with Cleavr. (Due to the DNS Settings not yet changed).
  • Migrated everything (DB, Setup,…)
  • Moved DNS Settings to the new server.

Now starts the issue
Due to no SSL and all Browsers automatically changing the URI to the https Version, we get a not wished for beahaviour.

  • The https Version shows an error, because Domain and the allegadly Certificate do not match. Nginx by default choses the first Website for https if none is configured.
    With multiple clients on the same server, this is a big violation of customer and data privacy.

Solutions

  • Cleavr gives a possibility to create a default placeholder Site on each Server and move it up into first position for NGINX. So th
  • Or Cleavr creates themselvs a placeholder for each server for domains and https version which are not yet setup.

I would be very interested in your opinion on this and i am available to test all solutions with you.

Greetings

That’s definitely not the behavior we want to happen. It should be hitting the catch-all record and returning a 404. We’ll look closer into and see why that isn’t being respected.

I have one server with mixed https (let’s encrypt and custom ssl) and http sites.
Works without any problems. I remember me there is a problem if you create a website with ssl and you try run the same site without ssl on a later moment.

And I forgot I have so many test locations on all my server without ssl. So it has to be something different @Houbsi

I thought so too.

But i still have the issue, when i completely create a new Website and also a new subdomain without SSL in the beginning. So a clean install if you will.

But the problem i’m getting is still there.

Otherwise, all sites are provisioned with cleavr and none where added manually. Just some rewrite rules for cms systems have been altered.

I still can’t figure out how or what is the root of this issue from my end.

Steps i tried:

  • Created a Website with SSL and removed it.
  • Created a Website without SSL and tried it.

We have so many sites on our servers and I tried to check all the configurations with the default stuff.
But most of the details of SSL and so forth is on cleavrs specific configurations.

So I hope they still can check this again and maybe tell another point of view for this issue.

Hello @Houbsi,

Can you send me a PM with a list of sites that you’ve had issues with?