Apache's virtualhost only for redirect

Question

I have multiple domains, but I have only one certificate. I have created two virtualhost's, one with certificate for domain: domain.lt second with redirects to domain.lt

Apache's SSL config:

<IfModule mod_ssl.c>

    <VirtualHost *:443>
        <Directory "/var/www/html">
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>

        ServerName domain.lt
        ServerAlias www.domain.lt     
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/domain.lt/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/domain.lt/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf

        <Directory "/var/www/html/main/wp-content/uploads/">
            Options -Indexes
        </Directory>
    </VirtualHost>

    <VirtualHost *:443>
        <Directory "/var/www/html">
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>

        ServerName domain.pk
        ServerAlias www.domain.pk
        ServerAlias domain.fi
        ServerAlias www.domain.fi
        ServerAlias domain.eu
        ServerAlias www.domain.eu
        ServerAlias domain.hk
        ServerAlias www.domain.hk
        ServerAlias domain.ae
        ServerAlias www.domain.ae

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        RewriteEngine on
        RewriteCond %{HTTP_HOST} ^(www.)?domain.(pk|fi|eu|hk|ae)$
        RewriteRule ^(.*)$ https://domain.lt%{REQUEST_URI} [L,R=301]
    </VirtualHost>

</IfModule>

But I'm still getting warnings in browser that the connection is not secure and the certificate is only for domain.lt. After adding exception in browser I'm being redirected. How can i accomplish that?

Is the certificate valid for these domains? Are they all contained as SAN entries in the certificate? — Gerald Schneider, Nov 27 '17 at 14:23
Certificate is valid only for domain.lt, so I want to redirect all traffic from .com .hk etc.. to domain.lt — Šarūnas Rakauskas, Nov 27 '17 at 14:24
If you want to redirect via SSL you need certificates for every single domain. — Gerald Schneider, Nov 27 '17 at 14:29
Maybe there is other way to do that? Cuz if I go to http domain.hk Im being redirected perfectly, But if I go to https domain.hk I'm getting error — Šarūnas Rakauskas, Nov 27 '17 at 14:31
http does not use SSL. for HTTPS/SSL you need valid certificates. For all domains you use. — Gerald Schneider, Nov 27 '17 at 14:33

score 3 · Accepted Answer · answered Nov 27 '17 at 14:52

The TLS(SSL) part of the connection happens before the HTTP part of the request.

This means that you MUST present a valid certificate for the domain the browser is requesting BEFORE you can send an HTTP 302/etc redirect. All of the HTTP winds up wrapped up in the TLS encryption.

Otherwise the end user browsers will show warnings that will need to be bypassed (not best practice).

Apache's virtualhost only for redirect

1 Answers1