default-ssl.conf shows domain instead of hostname in SSL

Discussion in 'Installation/Configuration' started by Stelios, Oct 16, 2020.

  1. Stelios

    Stelios Member

    Hi,
    I've edited the virtual host file to include the ServerName myhostname.com and restarted apache but myhostname.com still throws an error in SSL due to use a certificate from a domain that is hosted on the same server.
    How can I use the proper SSL for the hostname and have the default vhost to actually use that?

    Thanks
     
  2. Stelios

    Stelios Member

  3. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    If you edited default-ssl.conf correctly, you might well have another site loading first, and being the default in practice. What does `apachectl -S` show?
     
  4. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Name the symlink in sites-enabled/ so it is read first, eg. 000-default-ssl.conf
     
  5. Stelios

    Stelios Member

    I renamed the default-ssl.conf as you suggested and reload apache but same problem.
    When I run the apachectl -S the first domain is the one that gets the SSL. It still shows my 000-default-ssl.conf at the end of it.
     
  6. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    The other reason you end up with the wrong certificate or wrong site displaying is having differences in the addresses in use, '*' vs specific ip's. In general you want to use all '*' or use the ip for all, but don't mix them. What does `apachectl -S` show?
     
  7. Stelios

    Stelios Member

    This is the ouput of apache -s (I've removed some parts with domains and just change IPs/domains. The web1.mydomain.com is the hostname which doesn't work.

    Code:
    [email protected]:/etc/apache2/sites-enabled# apachectl -S
    
    VirtualHost configuration:
    [myIPv6::1]:80 is a NameVirtualHost
             default server domain1.gr (/etc/apache2/sites-enabled/100-domain1.gr.vhost:255)
             port 80 namevhost domain1.gr (/etc/apache2/sites-enabled/100-domain1.gr.vhost:255)
                     alias www.domain1.gr
             port 80 namevhost domain2.com (/etc/apache2/sites-enabled/100-domain2.com.vhost:265)
                     alias www.domain2.com
                     alias www.domain2.gr
                     alias domain2.gr
    
    [myIPv6::1]:443 is a NameVirtualHost
             default server domain1.gr (/etc/apache2/sites-enabled/100-domain1.gr.vhost:368
    )
             port 443 namevhost domain1.gr (/etc/apache2/sites-enabled/100-domain1.gr.vhost
    :368)
                     alias www.domain1.gr
             port 443 namevhost domain2.com (/etc/apache2/sites-enabled/100-domain2.com.vhost:384)
                     alias www.domain2.com
                     alias www.domain2.gr
                     alias domain2.gr
             default server domain1.gr (/etc/apache2/sites-enabled/100-domain1.gr.vhost:7)
             port 80 namevhost domain1.gr (/etc/apache2/sites-enabled/100-domain1.gr.vhost:
    7)
                     alias www.domain1.gr
             port 80 namevhost domain2.com (/etc/apache2/sites-enabled/100-domain2.com.vhost:7)
                     alias www.domain2.com
                     alias www.domain2.gr
                     alias domain2.gr
    
    myIPv4ip:443    is a NameVirtualHost
             default server domain1.gr (/etc/apache2/sites-enabled/100-domain1.gr.vhost:120
    )
             port 443 namevhost domain1.gr (/etc/apache2/sites-enabled/100-domain1.gr.vhost
    :120)
                     alias www.domain1.gr
             port 443 namevhost domain2.com (/etc/apache2/sites-enabled/100-domain2.com.vhost:126)
                     alias www.domain2.com
                     alias www.domain2.gr
                     alias domain2.gr
    
    *:8081                 web1.mydomain.com (/etc/apache2/sites-enabled/000-apps.vhost:9)
    *:443                  web1.mydomain.com (/etc/apache2/sites-enabled/000-default-ssl.conf:2)
    *:80                   web1.mydomain.com (/etc/apache2/sites-enabled/000-default.conf:1)
    ServerRoot: "/etc/apache2"
    Main DocumentRoot: "/var/www/html"
    Main ErrorLog: "/var/log/apache2/error.log"
    Mutex default: dir="/var/run/apache2/" mechanism=default
    Mutex mpm-accept: using_defaults
    Mutex fcgid-pipe: using_defaults
    Mutex authdigest-opaque: using_defaults
    Mutex watchdog-callback: using_defaults
    Mutex rewrite-map: using_defaults
    Mutex ssl-stapling-refresh: using_defaults
    Mutex authdigest-client: using_defaults
    Mutex fcgid-proctbl: using_defaults
    Mutex ssl-stapling: using_defaults
    Mutex proxy: using_defaults
    Mutex ssl-cache: using_defaults
    PidFile: "/var/run/apache2/apache2.pid"
    Define: DUMP_VHOSTS
    Define: DUMP_RUN_CFG
    Define: ENABLE_USR_LIB_CGI_BIN
    User: name="www-data" id=33
    Group: name="www-data" id=33
    
    [email protected]:/etc/apache2/sites-enabled#
    
     
  8. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Here you see your web1.mydomain.com is bound to '*', whereas your other sites are bound to 'myIPV4' (or v6) - change your default-ssl.conf to use to the specific ip address your other sites are using rather than '*'.
     
  9. Stelios

    Stelios Member

    Thanks, Jesse, changing to the IP worked.
    Where do the cert files saved during the installation? I'm asking as the hostname finds just the self-created certificate instead. of the Letsencrypt.

    Thanks
     
  10. Stelios

    Stelios Member

    Just found it under /etc/letsencrypt/live/mydomain
     
    Th0m likes this.

Share This Page