SSL VIrtual host overlap? HELP

Discussion in 'Installation/Configuration' started by terryoleary1981, Jan 27, 2008.

  1. terryoleary1981

    terryoleary1981 New Member

    HI

    I'm trying to install an SSL certificate for one of my domains.

    I've uploaded the gd_intermediate_bundle.crt file to the SSL folder for the domain and copied the contents of the domains certificate into the SSL certificate text box on the control panel and saved the certificate.

    When i restart the apache service i'm getting the following error:

    Code:
    VirtualHost 192.168.1.108:443 overlaps with VirtualHost 192.168.1.108:443, the first has precedence, perhaps you need a NameVirtualHost directive.
    
    NameVitualHost 192.168.1.108:80 has no VirtualHosts
    
    Apache then fails to start. This is the only SSL i've set up on this machine. Can anyone help?
     
  2. thecaoticone

    thecaoticone New Member

    Does your sites-available files look like this?

    NameVirtualHost 192.168.1.108:443
    <VirtualHost 192.168.1.108:443>
     
  3. terryoleary1981

    terryoleary1981 New Member

    where should my 'sites-available' file be?
     
  4. thecaoticone

    thecaoticone New Member

    What type of Operating System are you running?


    In Ubuntu or Debian all sites should be in /etc/apache2/sites-available
     
  5. terryoleary1981

    terryoleary1981 New Member

    hi

    I'm running fedora 7.

    I've found my Vhosts_i~ig.conf file.

    There is an entry for VirtualHost 192.168.1.108:443
     
  6. thecaoticone

    thecaoticone New Member

    Okay, to be truthful it's been a while since I ran a Fedora setup.
    I don 't know if this will help or not.
    If i remember correctly, you have to have a NameVirtualHost listing for each ip listed somwhere in the /etc/httpd/conf/httpd.conf which tells apache to listen for both sites.
    Does you /etc/httpd/conf/httpd.conf look similar to this?

    # site 1
    NameVirtualHost 127.0.0.1:80
    NameVirtualHost 127.0.0.1:443

    # site 2
    NameVirtualHost 127.0.0.2:80
    NameVirtualHost 127.0.0.2:443


    <VirtualHost 127.0.0.1:80>
    ServerName companyABC.com
    DocumentRoot /var/www/co_abc
    ErrorLog /var/log/httpd/abc_error_log
    CustomLog /var/log/httpd/abc_access_log common
    DirectoryIndex index.html index.shtml
    <Directory "/var/www/co_abc">
    Options Indexes FollowSymLinks Includes
    AllowOverride None
    Order allow,deny
    Allow from all
    </Directory>
    </VirtualHost>

    <VirtualHost 127.0.0.2:80>
    ServerName companyDEF.com
    DocumentRoot /var/www/co_def
    ErrorLog /var/log/httpd/def_error_log
    CustomLog /var/log/httpd/def_access_log common
    DirectoryIndex index.html index.shtml
    <Directory "/var/www/co_def">
    Options Indexes FollowSymLinks Includes
    AllowOverride None
    Order allow,deny
    Allow from all
    </Directory>
    </VirtualHost>

    <VirtualHost 127.0.0.2:443>
    ServerName companyABC.com
    DocumentRoot /var/www/co_abc
    ErrorLog /var/log/httpd/abc_error_log
    CustomLog /var/log/httpd/abc_access_log common
    DirectoryIndex index.html index.shtml
    <Directory "/var/www/co_abc">
    Options Indexes FollowSymLinks Includes
    AllowOverride None
    Order allow,deny
    Allow from all
    </Directory>
    </VirtualHost>
     
    Last edited: Jan 27, 2008
  7. terryoleary1981

    terryoleary1981 New Member

    Hi

    I checked the file, it didnt seem to have a NameVirtualHost entry for 192.168.1.108:443 but had a virtual host entry. I've added the line

    NameVirtualHost 192.168.1.108:443

    Under the :80 entry and apache still doesnt load. With the same error
     
  8. thecaoticone

    thecaoticone New Member

    I just setup a test Fedora system.

    In the /etc/httpd/conf/httpd.conf I added the following without the "NameVirtualHost" and it is working.

    #added

    <VirtualHost 192.168.7.185:80>
    DocumentRoot /var/www/portal
    ServerName server
    <Directory "/var/www/portal/">
    allow from all
    Options +Indexes
    </Directory>
    </VirtualHost>

    <VirtualHost 192.168.7.186:80>
    DocumentRoot /var/www/intranet
    ServerName server1
    <Directory "/var/www/intranet/">
    allow from all
    Options +Indexes
    </Directory>
    </VirtualHost>

    <VirtualHost 192.168.7.186:443>
    DocumentRoot /var/www/https
    ServerName server1
    <Directory "/var/www/https/">
    allow from all
    Options +Indexes
    </Directory>
    </VirtualHost>


    Try commenting all the "NameVirtualHost" lines.
     
  9. terryoleary1981

    terryoleary1981 New Member

    hi

    I've tried commenting out the namehosts but this caused more errors, nothing seems to be fixing the error.
     
  10. thecaoticone

    thecaoticone New Member

    I just re-read your first post.

    Your error is:
    VirtualHost 192.168.1.108:443 overlaps with VirtualHost 192.168.1.108:443, the first has precedence, perhaps you need a NameVirtualHost directive.

    NameVitualHost 192.168.1.108:80 has no VirtualHosts


    which means you are using the same ip address with 2 sites on port 443 and no website on port 80.
    Apache will not accept this.

    Look at my last post and you will see that I have 2 ip's and 2 ports in my virtual setup. ( IP Based )
    192.168.7.185:80
    192.168.7.186:80
    192.168.7.186:443

    Check your conf file for sites using the same ip and port 443.

    If you are using name based vlhost then you should look like this:

    NameVirtualHost *:80
    NameVirtualHost *:443

    <VirtualHost www.example.com:80>
    ....
    </VirtualHost>

    <VirtualHost www.example2.com:80>
    ....
    </VirtualHost>

    <VirtualHost www.example.com:443>
    ......
    </VirtualHost>


    Please let me know if this is the case.
     
    Last edited: Jan 28, 2008
  11. terryoleary1981

    terryoleary1981 New Member

    hi

    this is what is in my Vhosts.ipconfig.conf file

    Code:
    ###################################
    #
    # ISPConfig vHost Configuration File
    #         Version 1.0
    #
    ###################################
    #
    NameVirtualHost 192.168.1.108:80
    <VirtualHost 192.168.1.108:80>
      ServerName localhost
      ServerAdmin [email protected]
      DocumentRoot /var/www/sharedip
    </VirtualHost>
    #
    #
    ######################################
    # Vhost: www.mysite.co.uk:80
    ######################################
    #
    #
    <VirtualHost 192.168.1.108:80>
    ServerName www.mysite.co.uk:80
    ServerAdmin [email protected]
    DocumentRoot /var/www/web1/web
    ServerAlias mysite.co.uk
    DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
    ScriptAlias  /cgi-bin/ /var/www/web1/cgi-bin/
    AddHandler cgi-script .cgi
    AddHandler cgi-script .pl
    ErrorLog /var/www/web1/log/error.log
    AddType application/x-httpd-php .php .php3 .php4 .php5
    <Files *.php>
        SetOutputFilter PHP
        SetInputFilter PHP
    </Files>
    <Files *.php3>
        SetOutputFilter PHP
        SetInputFilter PHP
    </Files>
    <Files *.php4>
        SetOutputFilter PHP
        SetInputFilter PHP
    </Files>
    <Files *.php5>
        SetOutputFilter PHP
        SetInputFilter PHP
    </Files>
    php_admin_flag safe_mode Off
    Alias /error/ "/var/www/web1/web/error/"
    ErrorDocument 400 /error/invalidSyntax.html
    ErrorDocument 401 /error/authorizationRequired.html
    ErrorDocument 403 /error/forbidden.html
    ErrorDocument 404 /error/fileNotFound.html
    ErrorDocument 405 /error/methodNotAllowed.html
    ErrorDocument 500 /error/internalServerError.html
    ErrorDocument 503 /error/overloaded.html
    AliasMatch ^/~([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
    AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
    </VirtualHost>
    #
    <IfModule mod_ssl.c>
    <VirtualHost 192.168.1.108:443>
    ServerName www.mysite.co.uk:443
    ServerAdmin [email protected]
    DocumentRoot /var/www/web1/web
    ServerAlias mysite.co.uk
    DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
    ScriptAlias  /cgi-bin/ /var/www/web1/cgi-bin/
    AddHandler cgi-script .cgi
    AddHandler cgi-script .pl
    ErrorLog /var/www/web1/log/error.log
    AddType application/x-httpd-php .php .php3 .php4 .php5
    <Files *.php>
        SetOutputFilter PHP
        SetInputFilter PHP
    </Files>
    <Files *.php3>
        SetOutputFilter PHP
        SetInputFilter PHP
    </Files>
    <Files *.php4>
        SetOutputFilter PHP
        SetInputFilter PHP
    </Files>
    <Files *.php5>
        SetOutputFilter PHP
        SetInputFilter PHP
    </Files>
    php_admin_flag safe_mode Off
    SSLEngine on
    SSLCertificateFile /var/www/web1/ssl/www.mysite.co.uk.crt
    SSLCertificateKeyFile /var/www/web1/ssl/www.mysite.co.uk.key
    Alias /error/ "/var/www/web1/web/error/"
    ErrorDocument 400 /error/invalidSyntax.html
    ErrorDocument 401 /error/authorizationRequired.html
    ErrorDocument 403 /error/forbidden.html
    ErrorDocument 404 /error/fileNotFound.html
    ErrorDocument 405 /error/methodNotAllowed.html
    ErrorDocument 500 /error/internalServerError.html
    ErrorDocument 503 /error/overloaded.html
    AliasMatch ^/~([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
    AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    </VirtualHost>
    </IfModule>
    
    
    What should it be?
     
  12. thecaoticone

    thecaoticone New Member

    Okay, your using ISP. I was working with Apache. ( Two totally seperate files)

    After looking over your config file, I'm as stumped as you are. That part looks fine to me.

    The error still points to duplicate entry.

    In another post falko suggested that it is not in the Vhosts.ipconfig.conf but in Apache's config file, which is where I have been looking.

    Check httpd.conf file which should be /etc/httpd/conf/httpd.conf

    Look for this line towards the bottom:
    Include /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf

    Make sure it is not in there twice.
     
  13. terryoleary1981

    terryoleary1981 New Member

    Hi

    I've checked the config it did appear to have two entries one right at the bottom and another about 30 lines up. I commented out the bottom one, re did my SSL in ISPconfig and now when i restart apache i just get failed and no error msg :O/
     
  14. thecaoticone

    thecaoticone New Member

    This what the bottom of the /etc/httpd/conf/httpd.conf should look like.
    Compare this one to yours.

    The attachment is the full file.
    -------------------------------------------------------------------------------------------
    #
    # VirtualHost example:
    # Almost any Apache directive may go into a VirtualHost container.
    # The first VirtualHost section is used for requests without a known
    # server name.
    #
    #<VirtualHost *:80>
    # ServerAdmin [email protected]
    # DocumentRoot /www/docs/dummy-host.example.com
    # ServerName dummy-host.example.com
    # ErrorLog logs/dummy-host.example.com-error_log
    # CustomLog logs/dummy-host.example.com-access_log common
    #</VirtualHost>

    <Directory /var/www/sharedip>
    Options +Includes -Indexes
    AllowOverride None
    AllowOverride Indexes AuthConfig Limit FileInfo
    Order allow,deny
    Allow from all
    <Files ~ "^\.ht">
    Deny from all
    </Files>
    </Directory>

    ###############ispconfig_log###############
    LogFormat "%v||||%b||||%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig
    CustomLog "|/root/ispconfig/cronolog --symlink=/var/log/httpd/ispconfig_access_log /var/log/httpd/ispconfig_access_log_%Y_%m_%d" combined_ispconfig

    <Directory /var/www/*/web>
    Options +Includes -Indexes
    AllowOverride None
    AllowOverride Indexes AuthConfig Limit FileInfo
    Order allow,deny
    Allow from all
    <Files ~ "^\.ht">
    Deny from all
    </Files>
    </Directory>

    <Directory /var/www/*/user/*/web>
    Options +Includes -Indexes
    AllowOverride None
    AllowOverride Indexes AuthConfig Limit FileInfo
    Order allow,deny
    Allow from all
    <Files ~ "^\.ht">
    Deny from all
    </Files>
    </Directory>

    <Directory /var/www/*/cgi-bin>
    Options ExecCGI -Indexes
    AllowOverride None
    AllowOverride Indexes AuthConfig Limit FileInfo
    Order allow,deny
    Allow from all
    <Files ~ "^\.ht">
    Deny from all
    </Files>
    </Directory>

    Include /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf

    --------------------------------------------------------------------------------------------------
     

    Attached Files:

  15. terryoleary1981

    terryoleary1981 New Member

    here is the bottom of the file

    Code:
    #
    # VirtualHost example:
    # Almost any Apache directive may go into a VirtualHost container.
    # The first VirtualHost section is used for requests without a known
    # server name.
    #
    #<VirtualHost *:80>
    #    ServerAdmin [email protected]
    #    DocumentRoot /www/docs/dummy-host.example.com
    #    ServerName dummy-host.example.com
    #    ErrorLog logs/dummy-host.example.com-error_log
    #    CustomLog logs/dummy-host.example.com-access_log common
    #</VirtualHost>
    
    <Directory /var/www/sharedip>
        Options +Includes -Indexes
        AllowOverride None
        AllowOverride Indexes AuthConfig Limit FileInfo
        Order allow,deny
        Allow from all
        <Files ~ "^\.ht">
        Deny from all
        </Files>
    </Directory>
    
    ###############ispconfig_log###############
    LogFormat "%v||||%b||||%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig
    CustomLog "|/root/ispconfig/cronolog --symlink=/var/log/httpd/ispconfig_access_log /var/log/httpd/ispconfig_access_log_%Y_%m_%d" combined_ispconfig
    
    <Directory /var/www/*/web>
        Options +Includes -Indexes
        AllowOverride None
        AllowOverride Indexes AuthConfig Limit FileInfo
        Order allow,deny
        Allow from all
        <Files ~ "^\.ht">
        Deny from all
        </Files>
    </Directory>
    
    <Directory /var/www/*/user/*/web>
        Options +Includes -Indexes
        AllowOverride None
        AllowOverride Indexes AuthConfig Limit FileInfo
        Order allow,deny
        Allow from all
        <Files ~ "^\.ht">
        Deny from all
        </Files>
    </Directory>
    
    <Directory /var/www/*/cgi-bin>
        Options ExecCGI -Indexes
        AllowOverride None
        AllowOverride Indexes AuthConfig Limit FileInfo
        Order allow,deny
        Allow from all
        <Files ~ "^\.ht">
        Deny from all
        </Files>
    </Directory>
    
    Include /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf
    
    
    <Directory /var/www/sharedip>
        Options +Includes -Indexes
        AllowOverride None
        AllowOverride Indexes AuthConfig Limit FileInfo
        Order allow,deny
        Allow from all
        <Files ~ "^\.ht">
        Deny from all
        </Files>
    </Directory>
    
    ###############ispconfig_log###############
    LogFormat "%v||||%b||||%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig
    CustomLog "|/root/ispconfig/cronolog --symlink=/var/log/httpd/ispconfig_access_log /var/log/httpd/ispconfig_access_log_%Y_%m_%d" combined_ispconfig
    
    <Directory /var/www/*/web>
        Options +Includes -Indexes
        AllowOverride None
        AllowOverride Indexes AuthConfig Limit FileInfo
        Order allow,deny
        Allow from all
        <Files ~ "^\.ht">
        Deny from all
        </Files>
    </Directory>
    
    <Directory /var/www/*/user/*/web>
        Options +Includes -Indexes
        AllowOverride None
        AllowOverride Indexes AuthConfig Limit FileInfo
        Order allow,deny
        Allow from all
        <Files ~ "^\.ht">
        Deny from all
        </Files>
    </Directory>
    
    <Directory /var/www/*/cgi-bin>
        Options ExecCGI -Indexes
        AllowOverride None
        AllowOverride Indexes AuthConfig Limit FileInfo
        Order allow,deny
        Allow from all
        <Files ~ "^\.ht">
        Deny from all
        </Files>
    </Directory>
    
    #Include /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf
    
    You'll see two entries for the vhost, i've tried disabling either one with no success. I've also deleted my SSL entry for the site and redid the SSL leaving in the ISPconfig default values, and restart apache with no problem (except the certificate is coming up as not valid). I then copy and pasted the SSL certificate given to me from GoDaddy in to the certificate box. saved and restart apache and then the service failed!
     
  16. jenjen

    jenjen New Member

    I feel your pain....

    Sorry I can't be of much help, but I share your pain. I am having the same issues with ISPConfig. I have certificates for a couple of web sites and when I try to paste them in to ISPConfig, and Save, Apache fails to start. If I go back and delete and let ISPConfig recreate, Apache starts. If I try to edit the .crt files or any others. Apache won't start.
    There doesn't appear to be much documentation on moving web sites to new servers and applying existing certificates.
    We need some help here!
    Thanks!
     
  17. thecaoticone

    thecaoticone New Member

    Alright, I'm back. ( had to do the go-to-work thing )

    jenjen:
    Stick with us. I am going to try and help as much I as can. I promise.

    This is kind of new for me as well.

    I tried the ISP setup and personally found it to be overkill if you are just hosting
    a couple sites like I do. I use a straight Apache configuration on a LAMP and
    virtual e-mail system.

    Works great and eliminates extra configuration problems like what we are having here.

    terryoleary1981:
    I was only able to quickly scan your last post before having to go to work.
    ( I work odd hours during the week, so I might not be able to respond until late.)

    After looking at you ISPconfig, I see your certifcate information has been added here. That should be all you need for the cert. That tells Apache the names of the files and where to find the information. It also tells Apache to use ssl for that site.

    Looking at your /etc/httpd/conf/httpd.conf file, the problem seems to be when you added the ssl information, ISP re-created the information Apache needs. (This appears to be a problem with ISPconfig. Not anything you did.) This is telling Apache to look for 2 seperate ISPconfig files when there is only one. This is causing Apache to read the file twice and think it is 2 seperate sites. Thus causing the error:

    VirtualHost 192.168.1.108:443 overlaps with VirtualHost 192.168.1.108:443

    So what needs to happen, is you need to delete or uncomment one of the ISPconfigs from Apache.

    Your /etc/httpd/conf/httpd.conf should only have this info once:
    -------------------------------------------------------------------------------------------------------------

    <Directory /var/www/sharedip>
    Options +Includes -Indexes
    AllowOverride None
    AllowOverride Indexes AuthConfig Limit FileInfo
    Order allow,deny
    Allow from all
    <Files ~ "^\.ht">
    Deny from all
    </Files>
    </Directory>



    ###############ispconfig_log###############
    LogFormat "%v||||%b||||%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig
    CustomLog "|/root/ispconfig/cronolog --symlink=/var/log/httpd/ispconfig_access_log /var/log/httpd/ispconfig_access_log_%Y_%m_%d" combined_ispconfig

    <Directory /var/www/*/web>
    Options +Includes -Indexes
    AllowOverride None
    AllowOverride Indexes AuthConfig Limit FileInfo
    Order allow,deny
    Allow from all
    <Files ~ "^\.ht">
    Deny from all
    </Files>
    </Directory>

    <Directory /var/www/*/user/*/web>
    Options +Includes -Indexes
    AllowOverride None
    AllowOverride Indexes AuthConfig Limit FileInfo
    Order allow,deny
    Allow from all
    <Files ~ "^\.ht">
    Deny from all
    </Files>
    </Directory>

    <Directory /var/www/*/cgi-bin>
    Options ExecCGI -Indexes
    AllowOverride None
    AllowOverride Indexes AuthConfig Limit FileInfo
    Order allow,deny
    Allow from all
    <Files ~ "^\.ht">
    Deny from all
    </Files>
    </Directory>

    Include /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf
    ------------------------------------------------------------------------------------------------

    Uncomment or delete any other copies of this information.
    Please let me know what happens.
     
    Last edited: Jan 29, 2008
  18. till

    till Super Moderator Staff Member ISPConfig Developer

    http://www.howtoforge.com/forums/showthread.php?t=19564
     
  19. terryoleary1981

    terryoleary1981 New Member

    Hi

    Well after redoing it all from scratch, reissueing the key with the CSR and making sure there was only one include for the vhost after i applied the certificate i restarted apache and what do ya know its up and running! woohoo!

    All i have to do now is set up Google Checkout!!!!! ;) Thanks for the help!!!
     
  20. thecaoticone

    thecaoticone New Member

    You are more than welcome.

    "Live & Learn";)
     

Share This Page