SSL VirtualHost oddity

Discussion in 'Installation/Configuration' started by AubreyKilian, Aug 18, 2010.

  1. AubreyKilian

    AubreyKilian New Member

    Hi All,

    I'm experiencing an odd issue with enabling the first SSL'd host on ISPConfig 3. So far, all the virtualhosts were configured to use "*" as the IP Number, so all VHosts have "*:80" in the apache config files.

    I just created a new virtualhost that I want to have an SSL certificate on, on which I need to specify the server's IP number as the VirtualHost's IP.
    This works 100% perfectly, the vhost comes up, SSL works, perfect.
    BUT, what also happens is that every single other virtualhost on the server ends up rendering the SSL'd virtualhost's content. As soon as I change the IP number in ISPConfig back to "*", all the other virtualhosts work as expected, and the new SSL'd one gives an SSL cert error "Issuer not trusted", as it's not picking up the virtualhost's cert, but the server's self-signed one.

    I have 2 Listen statements in httpd.conf, one for port 80, one for port 443. I also have 4 NameVirtualHost lines, the *:80 and *:443 ones, and then also the and ones.

    This is likely an Apache config issue and not an ispconfig one, but I was just wondering if anybody else has come across this issue before and what the solution was?

  2. giovinazzo

    giovinazzo New Member

    I am running a fresh install of on Ubuntu 9.10 and I think that I am also experiencing the same problem, but I don't know the solution yet.
    I created 2 certificates for 2 vhosts via the web interface, but as soon as I created the second one, accessing the first domain points to the last certificate that was created.
    If I restart apache it tells me that there is a certificate conflict on the SSL port.
    Any help would be appreciated.
  3. AubreyKilian

    AubreyKilian New Member

    Not sure it's the same problem as I'm experiencing, you need to remember that each SSL'd virtualhost needs its own IP number on your server, are you specifying a second IP number for your second virtualhost?

  4. AubreyKilian

    AubreyKilian New Member

    *Solved* SSL VirtualHost Oddity

    As I suspected, this was indeed not an ISPConfig problem, but an Apache/mod_ssl problem.
    The default mod_ssl config file added a virtualhost called "_default_:443" - which took precedence over my new virtualhost that I created.
    The _default_ one didn't have any documentroot or path information, just some SSL settings, including details for a server certificate. This information was picked up first.

    Solution: Comment out/remove the whole _default_:443 virtualhost from the mod_ssl config file (/etc/httpd/conf.d/ssl.conf in my case on Centos 5)

Share This Page