I have recently changed my site to an IP based site for SSL purposes. I can browse to the site when I remote into the server. Locally, however, the site will not ping or traceroute or browse or nothing. Any suggestions?

Originally posted by KevinRHurst
I have recently changed my site to an IP based site for SSL purposes. I can browse to the site when I remote into the server. Locally, however, the site will not ping or traceroute or browse or nothing. Any suggestions?

Can you give some more details as to what you did? What IP? What Domain? Are you running your own DNS servers or are you using Server Beaches or someone elses?

DXD,

The IP is 69.44.63.107 (frunder.com)
I am using ServerBeach's DNS.

Thanks for the quick response!

TraceRoute to 69.44.63.107 [www.frunder.com]

Hop (ms) (ms) (ms) IP Address Host name
1 0 0 0 66.98.244.1 gphou-66-98-244-1.ev1.net
2 2 1 0 66.98.241.4 gphou-66-98-241-4.ev1.net
3 0 0 0 66.98.240.3 gphou-66-98-240-3.ev1.net
4 2 1 1 64.245.101.57 -
5 94 1 2 64.1.2.89 p3-0-0.mar2.houston4-tx.us.xo.net
6 6 6 7 65.106.4.205 p4-1-0.rar2.dallas-tx.us.xo.net
7 27 66 50 65.106.0.9 p6-0-0.rar1.atlanta-ga.us.xo.net
8 27 27 27 65.106.1.26 p0-0-0d0.rar2.atlanta-ga.us.xo.net
9 40 40 40 65.106.0.5 p1-0-0.rar2.washington-dc.us.xo.net
10 41 40 41 65.106.3.206 p7-0-0.mar2.washington5-dc.us.xo.net
11 42 41 41 64.1.7.186 p7-0.chr1.washington5-dc.us.xo.net
12 41 41 41 209.49.80.6 -
13 42 42 44 69.44.56.67 -
14 42 42 42 69.44.63.107 www.lambfoundation.com

Trace complete


The first thing I see is your PTR record at server beach is www.lambfoundation.com

How many IP addresses do you have for this server?

going to www.lambfoundation.com works and also with ssl it works.

You can only have 1 SSL Certificate per IP address. The ssl certifcate has to be registered with the domain name you plan to use it for.

The IP address you gave Already has an SSL Certificate assigned to it which is for the www.lambfoundation.com so you can't have another SSL certificate on that ip address and you can not have www.frunder.com poing to that IP address because the SSL certificate would fail.

That's very weird. This IP (69.44.63.107) should be pointing to frunder.com not lambfoundation.com. When I ping lambfoundation.com locally & on the ServerBeach server I get 69.44.152.79 not 69.44.63.107. When I ping frunder.com, it resolves to 69.44.63.107, it just times out locally, however. Right now, there are three different IPs on the server (all due to SSL). I am not quite sure why your ping/traceroute pointed to lambfoundation.com. Is there a ServerBeach setting I am unaware of or that got messed up so the IPs are wrong?

DXD,

I checked the DNS tool under MyServerBeach. The PTR there says the IP for frunder.com is 69.44.63.107 & the lambfoundation.com is 69.44.152.79. Is there something I am missing here?

According do DNSReports, the PTR for frunder.com goes to 69.44.63.107. When I go to www.frunder.com, it does come up though.


http://www.dnsreport.com/tools/dnsreport.ch?domain=frunder.com

Should I just wait longer for the DNS to fully propigate to where I am located (New Mexico)? I started this process on Friday & just have never seen it take this long.

This isn't a dns propagation issue. The ip correctly resolves for me to the 69.44.63.107 ip address, but the server doesn't appear to be listening on port 80 or on 443.

Are you sure the website is running and that your firewall isn't blocking those ports on that ip?

IIS has it listening for TCP at 80 & 443 for SSL. Is there a way to set this in Ensim instead? I have found that changes in Ensim do not always reflect in IIS & that Ensim seems to override IIS.

On the server, the site is deffinately running. The firewall is not blocking the port.

My guess would be to check your websites in the MMC for IIS and make sure you have specifically selected the IP address that should belong to it for the SSL Certificate and that you have not selected the option that uses all available ip addresses. Then check the host headers on each make sure they are correct.

DXD,

Yeah, that was one of the first things I checked.

:bang:

The site is not running as an IP-based site. You can tell this because browsing to http://69.44.63.107/ produces an Invalid Hostname error. Double-check the site's identities and make sure the site is configured to respond on 69.44.63.107 without a host header. This is important, because you won't be able to use host headers with SSL as the header information is encrypted before it is sent with the request and therefore IIS cannot determine which site the client is asking for. That's why we need dedicated IPs for SSL.

There also seems to be some DNS confusion here. I don't believe the MyServerBeach DNS tool allows you to directly set PTR records as that responsibility is delegated to the owner of the IP block, which would be ServerBeach in this case. So, unless you specify in a ticket that you want your PTR changed, you cannot alter it. You're most likely confusing an A (subdomain) record with the PTR. As of this moment, I wouldn't worry about the PTR, since it doesn't really play a role in anything HTTP related. Just make sure your A/CNAME records are configured properly and IIS knows that the site is IP-based.

Thanks everyone so far, but stilll not quite there.

Kyle, do you check the identities through IIS?

It is very weird now since both http://www.frunder.com & http://frunder.com work. However, http://69.44.63.107 (Bad Request (Invalid Hostname)) does not work. It still is resolving to http://www.lambfoundation.com (another site on our server) when you tracert. How can I change this? Both WhoIs & the server say that http://www.lambfoundation.com is going to the right IP (69.44.152.79).

We have another IP based site with host headers that is working fine (http://meganspantry.com) so that also makes it confusing.

As far as I can tell, Kyle, the site's A/CNAME record is pointing to the right IP & IIS (Ensim) has it assigned as an IP-based (69.44.63.107) site.


:bang:

Originally posted by KevinRHurst
Thanks everyone so far, but stilll not quite there.

Kyle, do you check the identities through IIS?

It is very weird now since both http://www.frunder.com & http://frunder.com work. However, http://69.44.63.107 (Bad Request (Invalid Hostname)) does not work. It still is resolving to http://www.lambfoundation.com (another site on our server) when you tracert. How can I change this? Both WhoIs & the server say that http://www.lambfoundation.com is going to the right IP (69.44.152.79).

We have another IP based site with host headers that is working fine (http://meganspantry.com) so that also makes it confusing.

As far as I can tell, Kyle, the site's A/CNAME record is pointing to the right IP & IIS (Ensim) has it assigned as an IP-based (69.44.63.107) site.


:bang:
Yes, you'll want to check the identities through IIS. When I used it, I'd found that many a time, Ensim did not perform its job reliably and I had to manually alter things in the IIS Administrator.

Also, I can't stress this enough, but the PTR in DNS plays absolutely no role in HTTP communication. You're thinking about this all wrong. An IP does not resolve directly to a site. IP addresses resolve to servers, which may be running web server software, configured to respond with a certain site on that IP. A PTR entry in DNS is only used for reverse DNS lookups, which a tracert will do. You can change it by submitting a ticket in MyServerBeach.

Another thing you might want to check is to make sure that the site has at least one identity entry on the IP address that does not use host headers so that the host will respond with the proper site instead of Invalid Hostname when you request http://69.44.63.107. For example, I host a dedicated IP site and it responds on http://69.93.181.94 and http://www.bobbeetec.com. It should work like that.

Thanks again, Kyle. Also, thanks to DXD, Tim, & cmurphy54 for your responses.

I received an email from ServerBeach stating that they had a duplicate route in one of their core routers causing the problem. The site (http://www.frunder.com) will still not resolve using the IP (http://69.44.63.107) only, but it works using the domain name which for now is more critical.

Have not installed the SSL yet, but hopefully this does not cause any new problems!