SSL VIrtual host overlap? HELP

HI

I'm trying to install an SSL certificate for one of my domains.

I've uploaded the gd_intermediate_bundle.crt file to the SSL folder for the domain and copied the contents of the domains certificate into the SSL certificate text box on the control panel and saved the certificate.

When i restart the apache service i'm getting the following error:

Code:

VirtualHost 192.168.1.108:443 overlaps with VirtualHost 192.168.1.108:443, the first has precedence, perhaps you need a NameVirtualHost directive.

NameVitualHost 192.168.1.108:80 has no VirtualHosts

Apache then fails to start. This is the only SSL i've set up on this machine. Can anyone help?

 

Does your sites-available files look like this?

NameVirtualHost 192.168.1.108:443
<VirtualHost 192.168.1.108:443>

 

where should my 'sites-available' file be?

 

What type of Operating System are you running?


In Ubuntu or Debian all sites should be in /etc/apache2/sites-available

 

hi

I'm running fedora 7.

I've found my Vhosts_i~ig.conf file.

There is an entry for VirtualHost 192.168.1.108:443

 

Okay, to be truthful it's been a while since I ran a Fedora setup.
I don 't know if this will help or not.
If i remember correctly, you have to have a NameVirtualHost listing for each ip listed somwhere in the /etc/httpd/conf/httpd.conf which tells apache to listen for both sites.
Does you /etc/httpd/conf/httpd.conf look similar to this?

# site 1
NameVirtualHost 127.0.0.1:80
NameVirtualHost 127.0.0.1:443

# site 2
NameVirtualHost 127.0.0.2:80
NameVirtualHost 127.0.0.2:443


<VirtualHost 127.0.0.1:80>
ServerName companyABC.com
DocumentRoot /var/www/co_abc
ErrorLog /var/log/httpd/abc_error_log
CustomLog /var/log/httpd/abc_access_log common
DirectoryIndex index.html index.shtml
<Directory "/var/www/co_abc">
Options Indexes FollowSymLinks Includes
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>

<VirtualHost 127.0.0.2:80>
ServerName companyDEF.com
DocumentRoot /var/www/co_def
ErrorLog /var/log/httpd/def_error_log
CustomLog /var/log/httpd/def_access_log common
DirectoryIndex index.html index.shtml
<Directory "/var/www/co_def">
Options Indexes FollowSymLinks Includes
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>

<VirtualHost 127.0.0.2:443>
ServerName companyABC.com
DocumentRoot /var/www/co_abc
ErrorLog /var/log/httpd/abc_error_log
CustomLog /var/log/httpd/abc_access_log common
DirectoryIndex index.html index.shtml
<Directory "/var/www/co_abc">
Options Indexes FollowSymLinks Includes
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>

 

Hi

I checked the file, it didnt seem to have a NameVirtualHost entry for 192.168.1.108:443 but had a virtual host entry. I've added the line

NameVirtualHost 192.168.1.108:443

Under the :80 entry and apache still doesnt load. With the same error

 

I just setup a test Fedora system.

In the /etc/httpd/conf/httpd.conf I added the following without the "NameVirtualHost" and it is working.

#added

<VirtualHost 192.168.7.185:80>
DocumentRoot /var/www/portal
ServerName server
<Directory "/var/www/portal/">
allow from all
Options +Indexes
</Directory>
</VirtualHost>

<VirtualHost 192.168.7.186:80>
DocumentRoot /var/www/intranet
ServerName server1
<Directory "/var/www/intranet/">
allow from all
Options +Indexes
</Directory>
</VirtualHost>

<VirtualHost 192.168.7.186:443>
DocumentRoot /var/www/https
ServerName server1
<Directory "/var/www/https/">
allow from all
Options +Indexes
</Directory>
</VirtualHost>


Try commenting all the "NameVirtualHost" lines.

 

hi

I've tried commenting out the namehosts but this caused more errors, nothing seems to be fixing the error.

 

I just re-read your first post.

Your error is:
VirtualHost 192.168.1.108:443 overlaps with VirtualHost 192.168.1.108:443, the first has precedence, perhaps you need a NameVirtualHost directive.

NameVitualHost 192.168.1.108:80 has no VirtualHosts


which means you are using the same ip address with 2 sites on port 443 and no website on port 80.
Apache will not accept this.

Look at my last post and you will see that I have 2 ip's and 2 ports in my virtual setup. ( IP Based )
192.168.7.185:80
192.168.7.186:80
192.168.7.186:443

Check your conf file for sites using the same ip and port 443.

If you are using name based vlhost then you should look like this:

NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost www.example.com:80>
....
</VirtualHost>

<VirtualHost www.example2.com:80>
....
</VirtualHost>

<VirtualHost www.example.com:443>
......
</VirtualHost>


Please let me know if this is the case.

 

hi

this is what is in my Vhosts.ipconfig.conf file

Code:

###################################
#
# ISPConfig vHost Configuration File
#         Version 1.0
#
###################################
#
NameVirtualHost 192.168.1.108:80
<VirtualHost 192.168.1.108:80>
  ServerName localhost
  ServerAdmin root@localhost
  DocumentRoot /var/www/sharedip
</VirtualHost>
#
#
######################################
# Vhost: www.mysite.co.uk:80
######################################
#
#
<VirtualHost 192.168.1.108:80>
ServerName www.mysite.co.uk:80
ServerAdmin webmaster@mysite.co.uk
DocumentRoot /var/www/web1/web
ServerAlias mysite.co.uk
DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
ScriptAlias  /cgi-bin/ /var/www/web1/cgi-bin/
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
ErrorLog /var/www/web1/log/error.log
AddType application/x-httpd-php .php .php3 .php4 .php5
<Files *.php>
    SetOutputFilter PHP
    SetInputFilter PHP
</Files>
<Files *.php3>
    SetOutputFilter PHP
    SetInputFilter PHP
</Files>
<Files *.php4>
    SetOutputFilter PHP
    SetInputFilter PHP
</Files>
<Files *.php5>
    SetOutputFilter PHP
    SetInputFilter PHP
</Files>
php_admin_flag safe_mode Off
Alias /error/ "/var/www/web1/web/error/"
ErrorDocument 400 /error/invalidSyntax.html
ErrorDocument 401 /error/authorizationRequired.html
ErrorDocument 403 /error/forbidden.html
ErrorDocument 404 /error/fileNotFound.html
ErrorDocument 405 /error/methodNotAllowed.html
ErrorDocument 500 /error/internalServerError.html
ErrorDocument 503 /error/overloaded.html
AliasMatch ^/~([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
</VirtualHost>
#
<IfModule mod_ssl.c>
<VirtualHost 192.168.1.108:443>
ServerName www.mysite.co.uk:443
ServerAdmin webmaster@mysite.co.uk
DocumentRoot /var/www/web1/web
ServerAlias mysite.co.uk
DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
ScriptAlias  /cgi-bin/ /var/www/web1/cgi-bin/
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
ErrorLog /var/www/web1/log/error.log
AddType application/x-httpd-php .php .php3 .php4 .php5
<Files *.php>
    SetOutputFilter PHP
    SetInputFilter PHP
</Files>
<Files *.php3>
    SetOutputFilter PHP
    SetInputFilter PHP
</Files>
<Files *.php4>
    SetOutputFilter PHP
    SetInputFilter PHP
</Files>
<Files *.php5>
    SetOutputFilter PHP
    SetInputFilter PHP
</Files>
php_admin_flag safe_mode Off
SSLEngine on
SSLCertificateFile /var/www/web1/ssl/www.mysite.co.uk.crt
SSLCertificateKeyFile /var/www/web1/ssl/www.mysite.co.uk.key
Alias /error/ "/var/www/web1/web/error/"
ErrorDocument 400 /error/invalidSyntax.html
ErrorDocument 401 /error/authorizationRequired.html
ErrorDocument 403 /error/forbidden.html
ErrorDocument 404 /error/fileNotFound.html
ErrorDocument 405 /error/methodNotAllowed.html
ErrorDocument 500 /error/internalServerError.html
ErrorDocument 503 /error/overloaded.html
AliasMatch ^/~([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>
</IfModule>

What should it be?

 

Okay, your using ISP. I was working with Apache. ( Two totally seperate files)

After looking over your config file, I'm as stumped as you are. That part looks fine to me.

The error still points to duplicate entry.

In another post falko suggested that it is not in the Vhosts.ipconfig.conf but in Apache's config file, which is where I have been looking.

Check httpd.conf file which should be /etc/httpd/conf/httpd.conf

Look for this line towards the bottom:
Include /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf

Make sure it is not in there twice.

 

Hi

I've checked the config it did appear to have two entries one right at the bottom and another about 30 lines up. I commented out the bottom one, re did my SSL in ISPconfig and now when i restart apache i just get failed and no error msg :O/

 

This what the bottom of the /etc/httpd/conf/httpd.conf should look like.
Compare this one to yours.

The attachment is the full file.
-------------------------------------------------------------------------------------------
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
#<VirtualHost *:80>
# ServerAdmin webmaster@dummy-host.example.com
# DocumentRoot /www/docs/dummy-host.example.com
# ServerName dummy-host.example.com
# ErrorLog logs/dummy-host.example.com-error_log
# CustomLog logs/dummy-host.example.com-access_log common
#</VirtualHost>

<Directory /var/www/sharedip>
Options +Includes -Indexes
AllowOverride None
AllowOverride Indexes AuthConfig Limit FileInfo
Order allow,deny
Allow from all
<Files ~ "^\.ht">
Deny from all
</Files>
</Directory>

###############ispconfig_log###############
LogFormat "%v||||%b||||%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig
CustomLog "|/root/ispconfig/cronolog --symlink=/var/log/httpd/ispconfig_access_log /var/log/httpd/ispconfig_access_log_%Y_%m_%d" combined_ispconfig

<Directory /var/www/*/web>
Options +Includes -Indexes
AllowOverride None
AllowOverride Indexes AuthConfig Limit FileInfo
Order allow,deny
Allow from all
<Files ~ "^\.ht">
Deny from all
</Files>
</Directory>

<Directory /var/www/*/user/*/web>
Options +Includes -Indexes
AllowOverride None
AllowOverride Indexes AuthConfig Limit FileInfo
Order allow,deny
Allow from all
<Files ~ "^\.ht">
Deny from all
</Files>
</Directory>

<Directory /var/www/*/cgi-bin>
Options ExecCGI -Indexes
AllowOverride None
AllowOverride Indexes AuthConfig Limit FileInfo
Order allow,deny
Allow from all
<Files ~ "^\.ht">
Deny from all
</Files>
</Directory>

Include /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf

--------------------------------------------------------------------------------------------------

 

here is the bottom of the file

Code:

#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
#<VirtualHost *:80>
#    ServerAdmin webmaster@dummy-host.example.com
#    DocumentRoot /www/docs/dummy-host.example.com
#    ServerName dummy-host.example.com
#    ErrorLog logs/dummy-host.example.com-error_log
#    CustomLog logs/dummy-host.example.com-access_log common
#</VirtualHost>

<Directory /var/www/sharedip>
    Options +Includes -Indexes
    AllowOverride None
    AllowOverride Indexes AuthConfig Limit FileInfo
    Order allow,deny
    Allow from all
    <Files ~ "^\.ht">
    Deny from all
    </Files>
</Directory>

###############ispconfig_log###############
LogFormat "%v||||%b||||%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig
CustomLog "|/root/ispconfig/cronolog --symlink=/var/log/httpd/ispconfig_access_log /var/log/httpd/ispconfig_access_log_%Y_%m_%d" combined_ispconfig

<Directory /var/www/*/web>
    Options +Includes -Indexes
    AllowOverride None
    AllowOverride Indexes AuthConfig Limit FileInfo
    Order allow,deny
    Allow from all
    <Files ~ "^\.ht">
    Deny from all
    </Files>
</Directory>

<Directory /var/www/*/user/*/web>
    Options +Includes -Indexes
    AllowOverride None
    AllowOverride Indexes AuthConfig Limit FileInfo
    Order allow,deny
    Allow from all
    <Files ~ "^\.ht">
    Deny from all
    </Files>
</Directory>

<Directory /var/www/*/cgi-bin>
    Options ExecCGI -Indexes
    AllowOverride None
    AllowOverride Indexes AuthConfig Limit FileInfo
    Order allow,deny
    Allow from all
    <Files ~ "^\.ht">
    Deny from all
    </Files>
</Directory>

Include /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf


<Directory /var/www/sharedip>
    Options +Includes -Indexes
    AllowOverride None
    AllowOverride Indexes AuthConfig Limit FileInfo
    Order allow,deny
    Allow from all
    <Files ~ "^\.ht">
    Deny from all
    </Files>
</Directory>

###############ispconfig_log###############
LogFormat "%v||||%b||||%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig
CustomLog "|/root/ispconfig/cronolog --symlink=/var/log/httpd/ispconfig_access_log /var/log/httpd/ispconfig_access_log_%Y_%m_%d" combined_ispconfig

<Directory /var/www/*/web>
    Options +Includes -Indexes
    AllowOverride None
    AllowOverride Indexes AuthConfig Limit FileInfo
    Order allow,deny
    Allow from all
    <Files ~ "^\.ht">
    Deny from all
    </Files>
</Directory>

<Directory /var/www/*/user/*/web>
    Options +Includes -Indexes
    AllowOverride None
    AllowOverride Indexes AuthConfig Limit FileInfo
    Order allow,deny
    Allow from all
    <Files ~ "^\.ht">
    Deny from all
    </Files>
</Directory>

<Directory /var/www/*/cgi-bin>
    Options ExecCGI -Indexes
    AllowOverride None
    AllowOverride Indexes AuthConfig Limit FileInfo
    Order allow,deny
    Allow from all
    <Files ~ "^\.ht">
    Deny from all
    </Files>
</Directory>

#Include /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf

You'll see two entries for the vhost, i've tried disabling either one with no success. I've also deleted my SSL entry for the site and redid the SSL leaving in the ISPconfig default values, and restart apache with no problem (except the certificate is coming up as not valid). I then copy and pasted the SSL certificate given to me from GoDaddy in to the certificate box. saved and restart apache and then the service failed!

 

I feel your pain....

Sorry I can't be of much help, but I share your pain. I am having the same issues with ISPConfig. I have certificates for a couple of web sites and when I try to paste them in to ISPConfig, and Save, Apache fails to start. If I go back and delete and let ISPConfig recreate, Apache starts. If I try to edit the .crt files or any others. Apache won't start.
There doesn't appear to be much documentation on moving web sites to new servers and applying existing certificates.
We need some help here!
Thanks!

 

Alright, I'm back. ( had to do the go-to-work thing )

jenjen:
Stick with us. I am going to try and help as much I as can. I promise.

This is kind of new for me as well.

I tried the ISP setup and personally found it to be overkill if you are just hosting
a couple sites like I do. I use a straight Apache configuration on a LAMP and
virtual e-mail system.

Works great and eliminates extra configuration problems like what we are having here.

terryoleary1981:
I was only able to quickly scan your last post before having to go to work.
( I work odd hours during the week, so I might not be able to respond until late.)

After looking at you ISPconfig, I see your certifcate information has been added here. That should be all you need for the cert. That tells Apache the names of the files and where to find the information. It also tells Apache to use ssl for that site.

Looking at your /etc/httpd/conf/httpd.conf file, the problem seems to be when you added the ssl information, ISP re-created the information Apache needs. (This appears to be a problem with ISPconfig. Not anything you did.) This is telling Apache to look for 2 seperate ISPconfig files when there is only one. This is causing Apache to read the file twice and think it is 2 seperate sites. Thus causing the error:

VirtualHost 192.168.1.108:443 overlaps with VirtualHost 192.168.1.108:443

So what needs to happen, is you need to delete or uncomment one of the ISPconfigs from Apache.

Your /etc/httpd/conf/httpd.conf should only have this info once:
-------------------------------------------------------------------------------------------------------------

<Directory /var/www/sharedip>
Options +Includes -Indexes
AllowOverride None
AllowOverride Indexes AuthConfig Limit FileInfo
Order allow,deny
Allow from all
<Files ~ "^\.ht">
Deny from all
</Files>
</Directory>



###############ispconfig_log###############
LogFormat "%v||||%b||||%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig
CustomLog "|/root/ispconfig/cronolog --symlink=/var/log/httpd/ispconfig_access_log /var/log/httpd/ispconfig_access_log_%Y_%m_%d" combined_ispconfig

<Directory /var/www/*/web>
Options +Includes -Indexes
AllowOverride None
AllowOverride Indexes AuthConfig Limit FileInfo
Order allow,deny
Allow from all
<Files ~ "^\.ht">
Deny from all
</Files>
</Directory>

<Directory /var/www/*/user/*/web>
Options +Includes -Indexes
AllowOverride None
AllowOverride Indexes AuthConfig Limit FileInfo
Order allow,deny
Allow from all
<Files ~ "^\.ht">
Deny from all
</Files>
</Directory>

<Directory /var/www/*/cgi-bin>
Options ExecCGI -Indexes
AllowOverride None
AllowOverride Indexes AuthConfig Limit FileInfo
Order allow,deny
Allow from all
<Files ~ "^\.ht">
Deny from all
</Files>
</Directory>

Include /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf
------------------------------------------------------------------------------------------------

Uncomment or delete any other copies of this information.
Please let me know what happens.

 

Hi

Well after redoing it all from scratch, reissueing the key with the CSR and making sure there was only one include for the vhost after i applied the certificate i restarted apache and what do ya know its up and running! woohoo!

All i have to do now is set up Google Checkout!!!!! Thanks for the help!!!

 

You are more than welcome.

"Live & Learn"