I've got letsencrypt set up on an AWS server using Apache VirtualHosts, now I'm trying to do the same on another AWS instance which will only be serving the one site.

I'm using https://github.com/srvrco/getssl to try and generate my SSL keys.

Generated config in the first instance with getssl, which created files under /root/.getssl/domainname as expected, and the configs look similar, barring domain name differences, to those generated in my vHosts server.

```
# getssl -f domain.com
Registering account
Verify each domain
Verifying domain.com
domain.com is already validated
Verifying www.domain.com
www.domain.com is already validated
Verification completed, obtaining certificate.
Certificate saved in /root/.getssl/domain.com/domain.com.crt
The intermediate CA cert is in /root/.getssl/domain.com/chain.crt
copying domain certificate to /etc/ssl/domain.com.crt
copying private key to /etc/ssl/domain.com.key
reloading SSL services
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]
getssl: domain.com - certificate obtained but certificate on server is different from the new certificate
```

Now in my vhosts server I created .conf files for each domain, which each contain:

`<VirtualHost *:443>`

and

`<VirtualHost *:80>`

Do I need to do something to add the equivalent config to my http.conf file in the single domain setup?

DaFoot

2 Answers

Assuming you have a certificate per virtual host, you'll have to add the following (adapting the paths, of course) to your <VirtualHost>-section:

```
SSLCertificateFile "/path/to/www.example.com.cert"
SSLCertificateKeyFile "/path/to/www.example.com.key"
```

In your getssl-config for example.com, you have to have the lines:

```
DOMAIN_CERT_LOCATION="/path/to/example.com.crt"
DOMAIN_KEY_LOCATION="/path/to/example.com.key"
```

Sources: getssl-readme and apache SSL documentation

PaterSiul
  • Do I need to create a virtual host even though this will be the only site on this server? The server with multiple vhosts seems to all be working correctly. – DaFoot Jun 19 '17 at 20:43
  • All documentation I've read so far points to at least a `<VirtualHost _default_:443>` section. – PaterSiul Jun 19 '17 at 20:48


Adding this to the http.conf file seems to have sorted it:

```
<VirtualHost *:443>
DocumentRoot /var/www/html
ServerName www.domain.com
SSLEngine on
SSLCertificateFile "/etc/ssl/domain.com.crt"
SSLCertificateKeyFile "/etc/ssl/domain.com.key"
</VirtualHost>
```

DaFoot
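
Both answers depend on the paths getssl deploys to (`DOMAIN_CERT_LOCATION`, `DOMAIN_KEY_LOCATION`) matching the `SSLCertificateFile` and `SSLCertificateKeyFile` directives inside a port-443 `<VirtualHost>` with `SSLEngine on`. The following is an added example, not code from the posts or from the getssl project, that cross-checks the two configuration texts; the function names and the sample inputs are constructed for illustration.

```python
import re

# Constructed sample inputs modelled on the snippets in this thread; the
# certificate path in the Apache sample is deliberately mistyped.
GETSSL_CFG = '''\
DOMAIN_CERT_LOCATION="/etc/ssl/domain.com.crt"
DOMAIN_KEY_LOCATION="/etc/ssl/domain.com.key"
'''
HTTPD_CONF = '''\
<VirtualHost *:443>
ServerName www.domain.com
SSLEngine on
SSLCertificateFile "/etc/ssl/doman.com.crt"
SSLCertificateKeyFile "/etc/ssl/domain.com.key"
</VirtualHost>
'''

def getssl_locations(cfg_text):
    """Map each Apache directive to the path getssl is configured to write."""
    found = dict(re.findall(r'^[ \t]*(DOMAIN_\w+_LOCATION)="?([^"\n]+)"?', cfg_text, re.M))
    return {"SSLCertificateFile": found.get("DOMAIN_CERT_LOCATION"),
            "SSLCertificateKeyFile": found.get("DOMAIN_KEY_LOCATION")}

def ssl_vhosts(conf_text):
    """Yield (address, directives) for every <VirtualHost> block on port 443."""
    for addr, body in re.findall(r'<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>', conf_text, re.S | re.I):
        if not any(a.endswith(":443") for a in addr.split()):
            continue
        directives = {}
        for line in body.splitlines():
            parts = line.strip().split(None, 1)
            if len(parts) == 2 and not parts[0].startswith("#"):
                directives[parts[0]] = parts[1].strip().strip('"')
        yield addr.strip(), directives

def check(cfg_text, conf_text):
    """Return a list of problems; an empty list means the two configs agree."""
    wanted = getssl_locations(cfg_text)
    vhosts = list(ssl_vhosts(conf_text))
    if not vhosts:
        return ["no <VirtualHost ...:443> block found"]
    problems = []
    for addr, d in vhosts:
        if d.get("SSLEngine", "").lower() != "on":
            problems.append(f"{addr}: SSLEngine is not on")
        for directive, path in wanted.items():
            if d.get(directive) != path:
                problems.append(f"{addr}: {directive} is {d.get(directive)!r}, getssl writes {path!r}")
    return problems
```

Directive names are matched case-sensitively here, which is stricter than Apache itself; on a real server, pass the contents of the getssl domain config and the Apache config file to `check()`.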