apache name virtual host – two domains and SSL

Posted on

apache name virtual host – two domains and SSL – Problems with loading a website are often blamed on the Internet connection, but even the most perfectly set up network cannot help if there is no service to reply at your destination. One of the most popular HTTP servers used for this task is Apache2. Much of Apache’s popularity can be attributed to its easy installation and use, but never the less it is possible to run into problems with even the easiest of the software. If you’ve encountered an issue loading your web page, follow these simple troubleshooting methods outlined in this guide to attempt to get your web server back up and working again. Below are some tips in manage your apache2 server when you find problem about apache-2.2, ssl, , , .

I’m trying to setup Apache(2.2.3) to run two websites with SSL using both different domains and IP addresses. Both websites run fine on port 80 but when I tried to enable SSL for website2 I get a ssl_error_bad_cert_domain error; website2 picks up the SSL cert for website1.

Here is my setup in httpd.conf:

# Website1
NameVirtualHost 192.168.10.1:80

<VirtualHost 192.168.10.1:80>
DocumentRoot /var/www/html
ServerName www.website1.org
</VirtualHost>

NameVirtualHost 192.168.10.1:443

<VirtualHost 192.168.10.1:443>
SSLEngine On
SSLCertificateFile conf/ssl/website1.cer
SSLCertificateKeyFile conf/ssl/website1.key
</VirtualHost>

# Website2
NameVirtualHost 192.168.10.2:80

<VirtualHost 192.168.10.2:80>
DocumentRoot /var/www/html/chart
ServerName www.website2.org
</VirtualHost>

NameVirtualHost 192.168.10.2:443

<VirtualHost 192.168.10.2:443>
SSLEngine On
SSLCertificateFile conf/ssl/website2.cer
SSLCertificateKeyFile conf/ssl/website2.key
</VirtualHost>

Update:
In answer to Shane (this wouldn’t fit in comment box) here is the output from apachectl -S:

VirtualHost configuration:
192.168.10.2:80       is a NameVirtualHost
         default server www.website2.org (/etc/httpd/conf/httpd.conf:1033)
         port 80 namevhost www.website2.org (/etc/httpd/conf/httpd.conf:1033)

192.168.10.2:443      is a NameVirtualHost
         default server bogus_host_without_reverse_dns (/etc/httpd/conf/httpd.conf:1040)
         port 443 namevhost bogus_host_without_reverse_dns (/etc/httpd/conf/httpd.conf:1040)

192.168.10.1:80       is a NameVirtualHost
         default server www.website1.org (/etc/httpd/conf/httpd.conf:1017)
         port 80 namevhost www.website1.org (/etc/httpd/conf/httpd.conf:1017)

192.168.10.1:443      is a NameVirtualHost
         default server bogus_host_without_reverse_dns (/etc/httpd/conf/httpd.conf:1024)
         port 443 namevhost bogus_host_without_reverse_dns (/etc/httpd/conf/httpd.conf:1024)

wildcard NameVirtualHosts and _default_ servers:
_default_:443          192.168.10.1 (/etc/httpd/conf.d/ssl.conf:81)
Syntax OK

SSL vhosts are not NameVirtualHosts – they’re IP-based vhosts.

Remove the NameVirtualHost *:443 from your config.

Please remove

NameVirtualHost 192.168.10.1:443

and

NameVirtualHost 192.168.10.2:443

It doesn’t make sense to activate the name based virtual hosting stuff of Apache for SSL/TLS connections or you’d like to use the SNI extension.

Here is how I got it working. I had to move the ssl configuration out of httpd.conf and setup two virtualhosts in ssl.conf.

httpd.conf

# Website1
<VirtualHost 192.168.10.1:80>
DocumentRoot /var/www/html
ServerName www.website1.org
</VirtualHost>

# Website2
<VirtualHost 192.168.10.2:80>
DocumentRoot /var/www/html/chart
ServerName www.website2.org
</VirtualHost>

ssl.conf

<VirtualHost 192.168.10.1:443>
DocumentRoot "/var/www/html/"
ServerAdmin you@your-site.com
ServerName www.website1.org
SSLEngine On
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:
+EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/ssl.crt/website1.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/website1.key
SetEnvIf User-Agent ".*MSIE.*" 
nokeepalive ssl-unclean-shutdown 
downgrade-1.0 force-response-1.0
</VirtualHost>

<VirtualHost 192.168.10.2:443>
DocumentRoot "/var/www/html/chart/"
ServerAdmin you@your-site.com
ServerName www.website2.org
SSLEngine On
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:
+EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/ssl.crt/website2.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/website2.key
SetEnvIf User-Agent ".*MSIE.*" 
nokeepalive ssl-unclean-shutdown 
downgrade-1.0 force-response-1.0
</VirtualHost>

Try removing or commenting out the <VirtualHost _default_:443> block in /etc/httpd/conf.d/ssl.conf.

Leave a Reply

Your email address will not be published.