
I am encountering a very curious problem with my Ubuntu server setup. I am running a few websites using a LAMP stack.

One of the websites has a dedicated IP and a Comodo SSL certificate. The other websites are on a shared IP and use Let's Encrypt SSL certificates.

Here's the virtual host config for the website on the dedicated IP:

# domain: example.com
# public: /home/myhomefolder/public/example.com/

<VirtualHost actual_dedicated_ip:80>
  # Admin email, Server Name (domain name), and any aliases
  ServerAdmin admin@example.com
  ServerName  www.example.com
  ServerAlias example.com
  Redirect permanent / https://www.example.com/
  # Index file and Document Root (where the public files are located)
  DirectoryIndex index.html index.php
  DocumentRoot /home/myhomefolder/public/example.com/public

  # Log file locations
  LogLevel warn
  ErrorLog  /home/myhomefolder/public/example.com/log/error.log
  CustomLog /home/myhomefolder/public/example.com/log/access.log combined
</VirtualHost>
<VirtualHost actual_dedicated_ip:443>
     SSLEngine On
     SSLProtocol ALL -SSLv2 -SSLv3
     SSLHonorCipherOrder On
     SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
     SSLCertificateFile /etc/apache2/ssl/www.example.com.crt
     SSLCertificateKeyFile /etc/apache2/ssl/www.example.com.key
     SSLCertificateChainFile /etc/apache2/ssl/www.example.com.ca-bundle
     <Directory /home/myhomefolder/public/example.com/public>
       Require all granted
       AllowOverride ALL
     </Directory>     
     ServerAdmin admin@example.com
     ServerName example.com
     DocumentRoot /home/myhomefolder/public/example.com/public
     ErrorLog /home/myhomefolder/public/example.com/log/https_error.log
     CustomLog /home/myhomefolder/public/example.com/log/https_access.log combined
</VirtualHost>

Everything works fine, except that on specific networks (so far I can only reproduce this on my iPhone when connected to Verizon LTE, but not when connected to Wi-Fi) I get either an error saying "Safari cannot open the page because too many redirects occurred" or a prompt saying "cannot verify server identity", where the certificate details are for another website on the same host but a different IP.

Any ideas of what may be causing this?

scuttle-jesuit

1 Answer


So I finally got to the bottom of this. It looks like Verizon is using IPv6 and my vhost had only IPv4 configuration. As soon as I added my IPv6 IP in my vhost, the problem went away.

scuttle-jesuit
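The fix described in the answer above, as an added example that is not the poster's own code: a small Python check that flags server names bound only to a specific IPv4 address, which is the condition that leaves IPv6 clients to be answered by a different vhost and its certificate. The addresses 203.0.113.10 and 2001:db8::10, the other.example.net vhost and the function names are assumptions, and the parser only reads literal `<VirtualHost>` blocks (no includes or macros).

```python
import re
from collections import defaultdict

# Constructed sample configs. 203.0.113.10 and 2001:db8::10 are documentation
# addresses standing in for the dedicated IPv4/IPv6 pair (assumed values).
BEFORE = """
<VirtualHost 203.0.113.10:443>
  ServerName example.com
  ServerAlias www.example.com
</VirtualHost>
<VirtualHost *:443>
  ServerName other.example.net
</VirtualHost>
"""
# The fix from the answer: list the IPv6 address on the same vhost.
AFTER = BEFORE.replace("<VirtualHost 203.0.113.10:443>",
                       "<VirtualHost 203.0.113.10:443 [2001:db8::10]:443>")

VHOST = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
NAMES = re.compile(r"^[ \t]*Server(?:Name|Alias)[ \t]+(.+)$", re.M | re.I)

def family(token):
    """Classify one VirtualHost address token as 'v6', 'any' or 'v4'."""
    if token.startswith("["):          # Apache writes IPv6 literals in brackets
        return "v6"
    host = token.split(":", 1)[0]
    return "any" if host in ("*", "_default_") else "v4"

def ipv4_only_names(config):
    """Return sorted (name, port) pairs served only on specific IPv4 addresses."""
    seen = defaultdict(set)
    for addrs, body in VHOST.findall(config):
        names = [n.lower() for line in NAMES.findall(body) for n in line.split()]
        for token in addrs.split():
            has_port = ":" in token and not token.endswith("]")
            port = token.rpartition(":")[2] if has_port else "*"
            for name in names:
                seen[(name, port)].add(family(token))
    # A name whose only listeners are IPv4 is answered by whichever other
    # vhost listens on the IPv6 address, so the client sees that certificate.
    return sorted(key for key, fams in seen.items() if fams == {"v4"})

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, ipv4_only_names(cfg))
```

If the domain publishes an AAAA record, every name this reports needs either an IPv6 address on its vhost or a wildcard listener that serves the right certificate.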