Jump to content


LiveZilla HTTPS Config causing SNI misredirect on our domain

SSL HTTPS

7 replies to this topic

#1 Granwille

    Member

  • Members
  • PipPip
  • 26 posts
  • LocationNamibia

Posted 01 March 2018 - 07:02 AM

Hi,

We have LiveZilla installed to our sub domain name 'chat.namhost.com' the application itself is working perfectly fine, the issue based on our server logs is that LiveZilla has a misconfig for HTTPS requests and keeps causing SNI misredirects on the domain name 'namhost.com'. This is causing a lot of requests on the domain name to fail like online payment procedures, our WHMCS installation etc.

Apache error log entry:
[Wed Feb 28 15:31:07.549643 2018] [ssl:error] [pid 28318:tid 139774463579904] AH02032: Hostname chat.namhost.com provided via SNI and hostname www.namhost.com provided via HTTP have no compatible SSL setup

Here is also a screenshot of the SSL errors we see on the browser application: https://s3.amazonaws...5LT/Capture.JPG

I can also confirm that the SSL installed on the domain name 'chat.namhost.com' is perfectly fine, here is proof: https://www.sslshopp...hat.namhost.com

Can someone please assist with this?

#2 Granwille

    Member

  • Members
  • PipPip
  • 26 posts
  • LocationNamibia

Posted 01 March 2018 - 07:40 AM

Hi,

I managed to get some of the SSL errors resolved, now I only get this error from the above screenshot:

Failed to execute ‘postMessage’ on ‘DOMWindow’: The target origin provided (‘https://ssl.livezilla.net’) does not match the recipient window’s origin (‘https://chat.namhost.com’). -> I believe this may be the cause?

#3 Patrick Keil

    Administrator

  • Administrators
  • 3600 posts
  • LocationSingen, Germany

Posted 01 March 2018 - 09:55 AM

Hi Granwille,

Thanks for bringing this to our attention.

I assume your see this error on operator side, correct? I can replicate the error and it seems to be a timing issue. We will try to fix that for the next update 7.0.9.3.

Cheers.

#4 Granwille

    Member

  • Members
  • PipPip
  • 26 posts
  • LocationNamibia

Posted 02 March 2018 - 06:23 AM

Hi,

Actually no, Its effecting our entire 'namhost.com' domain name. Is there perhaps a temp fix for now, because as I mentioned its causing our online payment gateway to fail at times, its also causing other HTTPS requests to fail each time.

#5 Patrick Keil

    Administrator

  • Administrators
  • 3600 posts
  • LocationSingen, Germany

Posted 02 March 2018 - 09:54 AM

No? According to your screenshot this error occours on operator side (chat.php).

We don't use postMessage function on visitor side.

How could this client side issue affect your entire server?

I am referring to this error:
https://s3.amazonaws...5LT/Capture.JPG

#6 Granwille

    Member

  • Members
  • PipPip
  • 26 posts
  • LocationNamibia

Posted 05 March 2018 - 05:38 AM

Hi,

Apologies for the delayed response, I assumed that was part of the error. As mentioned Livezilla is causing misdirects on the entire 'namhost.com' domain name. See our server Apache log:

[Wed Feb 28 15:31:07.549643 2018] [ssl:error] [pid 28318:tid 139774463579904] AH02032: Hostname chat.namhost.com provided via SNI and hostname www.namhost.com provided via HTTP have no compatible SSL setup

If I dig a bit deeper, in fact, it is impossible for a regular browser to trigger the SNI/HTTP mismatch as this would require a custom HTTP client software. Below is the script link located in the template for the site that I found:

# grep -r --include=\*.php chat\\.namhost\\.com
sites/all/themes/namhost/templates/html.tpl.php:<script type="text/javascript" id="37eac514dab677c55eeaa486e79904bd" src="https://chat.namhost.com/script.php?id=37eac514dab677c55eeaa486e79904bd"></script>


To summarize, what I believe is happening here is that the Livezilla chat client is either misconfigured or has a bug that is causing it to use initially a different hostname "chat.namhost.com" for the TLS connection when setting up the encryption for HTTPS, and then sending the HTTP headers with a mismatched hostname of "www.namhost.com". This is triggering the error in https://s3.amazonaws...Q4b/Capture.JPG.

#7 Patrick Keil

    Administrator

  • Administrators
  • 3600 posts
  • LocationSingen, Germany

Posted 06 March 2018 - 09:45 AM

There's are two settings affecting the URLs used in LiveZilla.

1.) Your server profile (LiveZilla APP -> Profile -> URL)
2.) The server url specified under Server Configuration -> Server - > Server URL. (you may want to turn off the auto detection)

Hope this helps.

#8 Granwille

    Member

  • Members
  • PipPip
  • 26 posts
  • LocationNamibia

Posted 08 March 2018 - 06:43 AM

Hi,

Sadly this does not help me at all, we do not use the LiveZilla APP at all only the browser console. Below is a screenshot of our URL settings as well:

- https://s3.amazonaws...qx/Livezila.png

The URL mismatches only seem to start as soon as I login as administrator on LiveZilla I believe because if I do not login it does not seem to throw out the error at all. Is there any other advice you can provide or give assassinate on. I need one of your Tech to actually login on the server and such to troubleshoot this for me?





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users