1

I am trying to setup Letsencrypt on a CentOS server that has multiple virtual hosts. It seems to work ok on Ubuntu, and I realize that the script that does the work only works for single domains on CentOS, but I figured I could manually make some adjustments. Sadly I am only able to get whichever virtualhost comes first to run on https, which seems like more of a Apache problem than a Letsencrypt problem since if I reverse order, the one on top works where before I would get an error.

Here is what the ssl.conf looks like for the virtualhost:

NameVirtualHost *:443
Listen 443
<VirtualHost *:443>
        DocumentRoot "/var/www/html/domain1.com/laravel/public"
        ServerName domain1.com:443
        ServerAlias www.domain1.com:443
        ErrorLog logs/domain1_ssl_error_log
        TransferLog logs/domain1_ssl_access_log
        LogLevel warn

        Header set Access-Control-Allow-Origin "*"


        SSLEngine on

        SSLProtocol all -SSLv2
        SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES
        SSLCertificateFile /etc/letsencrypt/live/domain1.com/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/domain1.com/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/domain1.com/chain.pem

        <Files ~ "\.(cgi|shtml|phtml|php3?)$">
            SSLOptions +StdEnvVars
        </Files>

        <Directory "/var/www/cgi-bin">
            SSLOptions +StdEnvVars
        </Directory>

        SetEnvIf User-Agent ".*MSIE.*" \
                 nokeepalive ssl-unclean-shutdown \
                 downgrade-1.0 force-response-1.0

        CustomLog logs/ssl_request_log \
                  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

<VirtualHost *:443>
        DocumentRoot "/var/www/html/domain2.com/laravel/public"
        ServerName domain2.com:443
        ServerAlias www.domain2.com:443
        ErrorLog logs/domain1_ssl_error_log
        TransferLog logs/domain1_ssl_access_log
        LogLevel warn

        Header set Access-Control-Allow-Origin "*"


        SSLEngine on

        SSLProtocol all -SSLv2
        SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES
        SSLCertificateFile /etc/letsencrypt/live/domain2.com/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/domain2.com/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/domain2.com/chain.pem

        <Files ~ "\.(cgi|shtml|phtml|php3?)$">
            SSLOptions +StdEnvVars
        </Files>

        <Directory "/var/www/cgi-bin">
            SSLOptions +StdEnvVars
        </Directory>

        SetEnvIf User-Agent ".*MSIE.*" \
                 nokeepalive ssl-unclean-shutdown \
                 downgrade-1.0 force-response-1.0

        CustomLog logs/ssl_request_log \
                  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
Alan
  • 543
  • 2
  • 6
  • 18
  • may this helps? https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI - im not much enough in the topic to provide a qualified answer yet –  Apr 06 '16 at 19:42

1 Answers1

0

I've been using Let's Encrypt for a while now, and have written some how-tos on getting it up and running (on CentOS 6 and CentOS 7, specifically - but there's no reason those shouldn't also work on other platforms).

I don't append the :443 in my per-domain VirtualHost configs. What I do I documented at another question recently - I now split my configs into multiple files (one for each domain instead of having massive vhosts.conf & ssl.conf files).

I do not have any SSL references in my base httpd.conf - make sure you haven't accidentally setup something there.

As I wrote on that other answer, my per-domain configs look like this:

<VirtualHost *:80>
ServerName domain.tld
Redirect permanent / https://domain.tld/
</VirtualHost>

<VirtualHost *:443>
    SSLCertificateFile /etc/letsencrypt/live/domain.tld/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/domain.tld/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/domain.tld/fullchain.pem
    DocumentRoot /var/www/domain
    ServerName domain.tld
    ErrorLog logs/domain-error_log
    CustomLog logs/domain-access_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    ServerAdmin user@domain.tld

    SSLEngine on

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

    <Directory "/var/www/domain">
         Options All +Indexes +FollowSymLinks
         AllowOverride All
         Order allow,deny
         Allow from all
    </Directory>

</VirtualHost>

and my ssl.conf:

#SSL options for all sites
Listen 443
SSLPassPhraseDialog  builtin
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
Mutex sysvsem default
SSLRandomSeed startup file:/dev/urandom  1024
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
SSLCompression          off
SSLHonorCipherOrder     on
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
Community
  • 1
warren
  • 18,369
  • 23
  • 84
  • 135