
I want to configure SSL on the same IP and port using SNI (or it can be a different port), but I am unable to instruct Apache to deliver the SSL certificate of the domain requested.

It delivers the default site's certificate. I am unable to debug the issue.

In the access logs it shows the default domain name, however the request is for the other domain.

E.g. if I ask for site1.com then site1.com opens and it delivers site1.com; however, if I ask for site2.com it delivers the SSL of site1.com and site2.com is redirected to site1.com.

If I add domainname:443 instead of *:443 then the browser gives a 241 redirect error, which is as follows:

Misdirected Request The client needs a new connection for this request as the requested host name does not match the Server Name Indication (SNI) in use for this connection.

I am listening on ports 80 and 443 in /etc/apache2/ports.conf. I have installed the SSL mod using `apt-get install libapache2-mod-ssl` and `a2enmod ssl`.

I am using Ubuntu Server Bionic (18) with the latest apache2 version and OpenSSL.

I have consulted multiple sources; however, following these links did not resolve my problem:

Digicert.com

memset.com

digitalocean.com

apache.org

Techrepublic

Tech-stuff.net

SSLStrictSNIVHostCheck on

<IfModule mod_ssl.c>

    <VirtualHost *:443>

            ServerAdmin admin@site1.com
            ServerName site1.com/
            ServerAlias www.site1.com/

            SSLEngine on
            SSLCertificateFile /etc/apache2/ssl/site1.com/certificate.crt
            SSLCertificateKeyFile /etc/apache2/ssl/site1.com/private.key
            SSLCertificateChainFile /etc/apache2/ssl/site1.com/ca_bundle.crt



            DocumentRoot /var/www/site1.com/public_html

            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>
</IfModule>




<VirtualHost *:80>

    ServerName site1.com

    ServerAlias www.site1.com

    DocumentRoot /var/www/site1.com/public_html

    Redirect permanent / https://site1.com/

</VirtualHost>


<IfModule mod_ssl.c>

    <VirtualHost *:443>

            ServerAdmin admin@site2.com
            ServerName site2.com/

            ServerAlias www.site2.com/

            SSLEngine on
            SSLCertificateFile /etc/apache2/ssl/site2.com/certificate.crt
            SSLCertificateKeyFile /etc/apache2/ssl/site2.com/private.key
            SSLCertificateChainFile /etc/apache2/ssl/site2.com/ca_bundle.crt



            DocumentRoot /var/www/site2.com/public_html

            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>
</IfModule>


<VirtualHost *:80>

    ServerName site2.com

    ServerAlias www.site2.com

    DocumentRoot /var/www/site2.com/public_html

    Redirect permanent / https://site2.com/

</VirtualHost>

1 Answer

In order to properly configure your Apache server to have multiple SSL virtual hosts using the same public IP address, you should follow these steps:

Edit your httpd.conf or apache2.conf file and check if you have the entries below:

NameVirtualHost *:80
NameVirtualHost *:443

Then for all your virtual hosts, replace

<VirtualHost *:80> with <VirtualHost YOUR_SERVER_PUBLIC_IP:80> 

and

<VirtualHost *:443> with <VirtualHost YOUR_SERVER_PUBLIC_IP:443>

Restart Apache and you should be good to go!

Be sure that there is no other entry or config file with a <VirtualHost *:443> definition. All definitions should contain the actual server IP address, otherwise you'll have exactly the same issue.

Bogdan Stoica
  • I have tried. I even tried with the domain name instead of *. It delivers the default certificate. – Isabella Holmes Mar 26 '18 at 11:09
  • You have a configuration issue somewhere, or a virtual host which is defined with *:443 and another with an IP address, and so on... It should work since it works just fine on my CentOS 7.x server with httpd. In the `<VirtualHost>` section the definition is `ip:port`, not `domain:port` – Bogdan Stoica Mar 26 '18 at 11:11
  • Alternatively, replace `NameVirtualHost *:80` and `NameVirtualHost *:443` with `NameVirtualHost public_IP:80` respectively `NameVirtualHost public_IP:443` and restart httpd/apache2 service – Bogdan Stoica Mar 26 '18 at 11:12
  • It's really hard to say at this point without being able to check the config and see what is going on there, on your server... Sorry I can't help you more... It's definitely a config issue since, as I was saying, it works just fine on my server – Bogdan Stoica Mar 27 '18 at 08:10
  • Thank you very much for your help. I was doing it wrong, I guess. I shifted all the config into one .conf file, with the sequence of all port 80 and then port 443 respectively. And it works fine. Thanks again. – Isabella Holmes Mar 27 '18 at 11:07
  • No problem. I'm glad it works. As I was saying, there was some issue with your config... You could vote the answer if you like. – Bogdan Stoica Mar 27 '18 at 12:04
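
A static check for the layout problem raised in the answer and comments, added here as an example (it is not code from the question or the answer): it flags any port where `*:port` and explicit-address `<VirtualHost>` blocks are mixed, and any `ServerName`/`ServerAlias` value that is not a plain host name such as an SNI name would be. The function name `lint_vhosts`, the sample configuration and the address 203.0.113.10 are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample (not the poster's files); 203.0.113.10 is a documentation address.
SAMPLE = """\
<VirtualHost *:443>
    ServerName site1.com/
    ServerAlias www.site1.com/
</VirtualHost>
<VirtualHost 203.0.113.10:443>
    ServerName site2.com
</VirtualHost>
<VirtualHost *:80>
    ServerName site2.com
</VirtualHost>
"""

OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
NAME = re.compile(r"^\s*Server(?:Name|Alias)\s+(.+)$", re.I)
# Optional scheme and port as ServerName allows, plus ServerAlias wildcards.
HOSTNAME = re.compile(r"^(?:https?://)?[A-Za-z0-9.*?-]+(?::\d+)?$")

def lint_vhosts(text):
    """Return findings for vhost layouts that can defeat name-based (SNI) selection."""
    findings, addrs_by_port = [], defaultdict(set)
    for n, line in enumerate(text.splitlines(), 1):
        m = OPEN.match(line)
        if m:
            for spec in m.group(1).split():
                addr, sep, port = spec.rpartition(":")
                if not sep:            # address given without a port
                    addr, port = spec, "*"
                addrs_by_port[port].add(addr)
            continue
        m = NAME.match(line)
        for name in (m.group(1).split() if m else []):
            if not HOSTNAME.match(name):
                findings.append(f"line {n}: {name!r} is not a plain host name")
    # Apache matches address:port first; an explicit address beats '*', so
    # vhosts split between the two forms never compete on ServerName.
    for port, addrs in sorted(addrs_by_port.items()):
        explicit = sorted(addrs - {"*"})
        if "*" in addrs and explicit:
            findings.append(f"port {port}: *:{port} mixed with {explicit}")
    return findings
```

Feed it the concatenated contents of the enabled site files; `apachectl -S` prints how Apache itself grouped the virtual hosts, which is the authoritative view to compare against.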