
I'm trying to configure my website to redirect all traffic to the www subdomain, and redirect all http requests to https requests. I know it's not a problem with my DNS records (which include an A record for www and cloud) because my configuration worked perfectly until about a week ago when I reinstalled everything. The problem experienced is that it behaves very funkily.

(I've replaced my domain with "example.com" to sanitize the post.)

What doesn't work:

http://example.com        - redirects to https://www.example.com,
                            but yields SSL_PROTOCOL_ERROR
http://cloud.example.com  - redirects to https://www.example.com/myfiles/,
                            but yields SSL_PROTOCOL_ERROR
https://example.com       - no redirect to www, and yields SSL_PROTOCOL_ERROR
https://www.example.com   - yields SSL_PROTOCOL_ERROR
https://cloud.example.com - no redirect to www, and yields SSL_PROTOCOL_ERROR

What does work:

http://www.example.com - works like a dream

All of my Apache Configuration Steps (from a clean install):

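# The redirect must run as root, so pipe into "sudo tee -a" instead of using "sudo echo ... >>"
echo -e "\\ndeb http://ftp.debian.org/debian jessie-backports main" | sudo tee -a /etc/apt/sources.list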

sudo apt-get update && sudo apt-get -y upgrade

# Because you'll want the latest certbot...
sudo apt-get -y install python-certbot-apache -t jessie-backports

sudo apt-get -y install apache2 php5 libapache2-mod-php5 php5-mcrypt php5-mysql php5-cli

sudo a2enmod rewrite

Put the following (as root) at the end of /etc/apache2/apache2.conf

ServerName example.com

<VirtualHost *:80>
    ServerName example.com
    Redirect permanent / https://www.example.com/
</VirtualHost>
<Directory /var/www/(.*)>
  RewriteEngine On
  RewriteCond %{HTTPS} off
  RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</Directory>

Creating the VirtualHosts and Certificates

sudo tee /etc/apache2/sites-available/www.conf << "EOP"
<VirtualHost *:80>
  ServerName www.example.com
  Redirect / https://www.example.com/
</VirtualHost>
<VirtualHost *:443>
  DocumentRoot /var/www/html/
  ServerName www.example.com
</VirtualHost>
EOP

sudo a2ensite www

sudo service apache2 restart

sudo certbot --apache --domain www.example.com
#I apply this to /etc/apache2/sites/enabled/default-ssl.conf

sudo mkdir -p /var/www/html/myfiles/

sudo tee /etc/apache2/sites-available/cloud.conf << "EOP"
<VirtualHost *:80>
  ServerName cloud.example.com
  Redirect / https://www.example.com/myfiles/
</VirtualHost>
<VirtualHost *:443>
  ServerName cloud.example.com
  Redirect / https://www.example.com/myfiles/
</VirtualHost>
EOP

sudo a2ensite cloud

sudo service apache2 restart

sudo apache2ctl configtest #which reports everything's ok

More Information about Server:

The server is a clean install of Debian 8.6 (amd64), and the Apache version number is 2.4, so stability of the software isn't the issue.

My SSL Problem

A cat /var/log/apache2/error.log throws me the following:

[ssl:warn] [pid 11737] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name

1 Answer

Your certificate MUST match the domain name.

sudo certbot --apache --domain www.example.com --domain cloud.example.com --domain example.com

You can have up to 100 SANs (subject alternative names) per LE cert.

You can also use multiple certs with the same IP with SNI (which your version of openssl should support).

You must also list your SSL options and files before the </VirtualHost>.

https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04

Jacob Evans
  • Amazing how something so simple can fix every last one of my problems :). Thanks a million! –  Jan 18 '17 at 07:31
  • @DevNull0 If Jacob's answer proved useful to you, be appreciative and +1 his answer and mark his answer as the resolving one. Some netiquette please! – Daniel Ferradal Jan 18 '17 at 09:48
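
The two points in the answer above (every HTTPS name must appear in the certificate, and each *:443 vhost needs its own SSL directives) can be checked mechanically. This is an added example, not part of the original post or of Apache/certbot: a stdlib-only Python audit over a constructed copy of the question's :443 vhosts. The certificate path is a placeholder, and the SAN list is passed in by hand rather than read from a real certificate.

```python
import re

# Constructed sample: the question's two *:443 vhosts, with SSL directives
# added to the first one only (certificate path is a placeholder).
SAMPLE_CONF = """
<VirtualHost *:443>
  DocumentRoot /var/www/html/
  ServerName www.example.com
  SSLEngine on
  SSLCertificateFile /path/to/fullchain.pem
</VirtualHost>
<VirtualHost *:443>
  ServerName cloud.example.com
  Redirect / https://www.example.com/myfiles/
</VirtualHost>
"""

# Directives each TLS vhost needs; without "SSLEngine on" Apache does not
# enable TLS for that vhost, whatever port it listens on.
REQUIRED = {
    "SSLEngine on": r"^\s*SSLEngine\s+on\b",
    "SSLCertificateFile": r"^\s*SSLCertificateFile\s+\S+",
}

def san_matches(host, san):
    """Exact match, or a wildcard covering exactly one leftmost label."""
    host, san = host.lower().rstrip("."), san.lower().rstrip(".")
    if san.startswith("*."):
        return "." in host and host.split(".", 1)[1] == san[2:]
    return host == san

def audit_vhosts(conf, cert_sans):
    """Return {ServerName: [problems]} for every *:443 vhost in conf."""
    report = {}
    for body in re.findall(r"<VirtualHost\s+[^>]*:443>(.*?)</VirtualHost>",
                           conf, re.S | re.I):
        m = re.search(r"^\s*ServerName\s+(\S+)", body, re.M | re.I)
        name = m.group(1) if m else "(no ServerName)"
        problems = [f"missing {label}" for label, pattern in REQUIRED.items()
                    if not re.search(pattern, body, re.M | re.I)]
        if not any(san_matches(name, san) for san in cert_sans):
            problems.append("name not in certificate SANs")
        report[name] = problems
    return report

if __name__ == "__main__":
    # SAN list for a certificate issued for www.example.com only (assumed).
    for name, problems in audit_vhosts(SAMPLE_CONF, ["www.example.com"]).items():
        print(name, "->", problems or "ok")
```

Passing the three names from the answer's certbot command as `cert_sans` clears the SAN finding for cloud.example.com, but the missing-directive findings remain until that vhost gets its own SSL lines.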