Changing IP Address


I am tried to change the IP address for a virtulhost as we would like to add SSL to the domain. I changed the IP under “Edit Virtual Server->External IP address” but when I go to check “SSL website enabled?” I get the following message:-

The following potential problems were detected with the modification of this virtual server :

SSL is being enabled for more than one domain on the IP address *********. Apache on your system supports SNI, which will allow modern browsers to get the correct certificate in this situation. However, older browsers may see the first certificate for the IP, which is only valid for :

The DNS IP got updated correctly but the Apache config file didn’t, if we change the IP in httpd conf manually we still get the error. In the Virtualmin GUI it says the IP has updated under “Edit Virtual Server->External IP address”.



To change an IP address for a given domain for SSL, we’d recommend going into Server Configuration -> Change IP Address.

In there, you can setup a private IP address for that domain.

Once you do that, you’ll be able to configure it to use SSL.


My server provider has allocated a new IP addy for a domain going ssl (previously shared) . This IP is not in the Webmin list of “Network Interfaces”, Is simply doing the “Use private address” option without ticking “Already active” do the job?

The site has to be available as much as possible, is there a trick I am missing to allow DNS to propagate without disrupting service? As I was thinking about just redirecting the traffic to the IP address in the meantime, but there might be a neater solution.


Keeping “Already active” unchecked should cause Virtualmin to add that IP to the network interface, yep. Not 100% sure though. :slight_smile:

As for DNS propagation, redirecting traffic to the IP is probably not the best solution, since often web software has an own configuration option for the root URL or similar. Are you hosting the DNS zone yourself? Before doing the switch then, you could reduce the TTL for the entries in question to like 10 seconds (and then wait for the previous TTL value to expire), minimizing downtime when you do the switch.