View Single Post
  #6  
Old 15th December 2011, 18:25
cbj4074 cbj4074 is offline
Senior Member
 
Join Date: Nov 2010
Posts: 386
Thanks: 28
Thanked 58 Times in 50 Posts
Default

I had the same issue. I have the solution, but let's outline the problem more thoroughly, first.


I want to take advantage of SNI support in ISPConfig > 3.0.4, but when I (re)start Apache, I see the following:

Code:
# service apache2 restart
 * Restarting web server apache2
[Thu Dec 15 09:03:32 2011] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
... waiting
[Thu Dec 15 09:03:33 2011] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
The relevant Apache documentation ( http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI ) states:

Quote:
How can you tell if your Apache build supports SNI? ... If SNI is built in, then the error log will show "[warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366).
My software supports SNI as evidenced by the following message in my error log upon Apache startup:

Code:
[Thu Dec 15 09:03:33 2011] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
Further, if I examine the Apache environment variables (e.g. via PHP's phpinfo() function), I see:

Code:
_SERVER["SSL_TLS_SNI"]	example.com
So, Apache and my browser are SNI-enabled.


And now for the solution:

As always, "the devil is in the details".

The only part you missed was adding this to your Apache configuration, e.g., at the top of /etc/apache2/httpd.conf (this is from the same document that is referenced above):

Code:
# Listen for virtual host requests on all IP addresses
NameVirtualHost *:443
Don't forget to restart Apache (a reload probably works just as well).
Reply With Quote