Hi, I've edited the virtual host file to include the ServerName myhostname.com and restarted Apache, but myhostname.com still throws an SSL error because it uses a certificate from a domain that is hosted on the same server. How can I use the proper SSL certificate for the hostname and have the default vhost actually use it? Thanks
I found this post: https://www.howtoforge.com/communit...2-com-picking-up-wrong-ssl.84487/#post-403997 which most likely will solve my problem, but the question is how to tell Apache to include it first, before everything else? I've also done: a2ensite default-ssl.conf and reloaded Apache, but without any luck.
If you edited default-ssl.conf correctly, you might well have another site loading first, and being the default in practice. What does `apachectl -S` show?
I renamed the default-ssl.conf as you suggested and reloaded Apache, but I have the same problem. When I run apachectl -S, the first domain is the one that gets the SSL. It still shows my 000-default-ssl.conf at the end of it.
The other reason you end up with the wrong certificate or wrong site displaying is having differences in the addresses in use, '*' vs specific IPs. In general you want to use all '*' or use the IP for all, but don't mix them. What does `apachectl -S` show?
This is the output of apache -s (I've removed some parts with domains and just changed IPs/domains). The web1.mydomain.com is the hostname which doesn't work.
Code:
```
root@web1:/etc/apache2/sites-enabled# apachectl -S
VirtualHost configuration:
[myIPv6::1]:80 is a NameVirtualHost
         default server domain1.gr (/etc/apache2/sites-enabled/100-domain1.gr.vhost:255)
         port 80 namevhost domain1.gr (/etc/apache2/sites-enabled/100-domain1.gr.vhost:255)
                 alias www.domain1.gr
         port 80 namevhost domain2.com (/etc/apache2/sites-enabled/100-domain2.com.vhost:265)
                 alias www.domain2.com
                 alias www.domain2.gr
                 alias domain2.gr
[myIPv6::1]:443 is a NameVirtualHost
         default server domain1.gr (/etc/apache2/sites-enabled/100-domain1.gr.vhost:368)
         port 443 namevhost domain1.gr (/etc/apache2/sites-enabled/100-domain1.gr.vhost:368)
                 alias www.domain1.gr
         port 443 namevhost domain2.com (/etc/apache2/sites-enabled/100-domain2.com.vhost:384)
                 alias www.domain2.com
                 alias www.domain2.gr
                 alias domain2.gr
         default server domain1.gr (/etc/apache2/sites-enabled/100-domain1.gr.vhost:7)
         port 80 namevhost domain1.gr (/etc/apache2/sites-enabled/100-domain1.gr.vhost:7)
                 alias www.domain1.gr
         port 80 namevhost domain2.com (/etc/apache2/sites-enabled/100-domain2.com.vhost:7)
                 alias www.domain2.com
                 alias www.domain2.gr
                 alias domain2.gr
myIPv4ip:443 is a NameVirtualHost
         default server domain1.gr (/etc/apache2/sites-enabled/100-domain1.gr.vhost:120)
         port 443 namevhost domain1.gr (/etc/apache2/sites-enabled/100-domain1.gr.vhost:120)
                 alias www.domain1.gr
         port 443 namevhost domain2.com (/etc/apache2/sites-enabled/100-domain2.com.vhost:126)
                 alias www.domain2.com
                 alias www.domain2.gr
                 alias domain2.gr
*:8081 web1.mydomain.com (/etc/apache2/sites-enabled/000-apps.vhost:9)
*:443 web1.mydomain.com (/etc/apache2/sites-enabled/000-default-ssl.conf:2)
*:80 web1.mydomain.com (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex fcgid-pipe: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex authdigest-client: using_defaults
Mutex fcgid-proctbl: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
Define: ENABLE_USR_LIB_CGI_BIN
User: name="www-data" id=33
Group: name="www-data" id=33
root@web1:/etc/apache2/sites-enabled#
```
Here you see your web1.mydomain.com is bound to '*', whereas your other sites are bound to 'myIPV4' (or v6) - change your default-ssl.conf to use the specific IP address your other sites are using rather than '*'.
Thanks, Jesse, changing to the IP worked. Where are the cert files saved during the installation? I'm asking as the hostname finds just the self-created certificate instead of the Letsencrypt. Thanks
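Added example, not part of the original thread: a small Python check that reads `apachectl -S` output and reports every port where a '*' vhost coexists with address-specific vhosts, the mismatch diagnosed above. Apache only considers '*' vhosts when no address-specific vhost matches, so on such a port the '*' vhost and its certificate are never served on those addresses. The sample output, the addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of `apachectl -S` (placeholder names/addresses).
SAMPLE = """\
VirtualHost configuration:
192.0.2.10:443         is a NameVirtualHost
         default server domain1.example (/etc/apache2/sites-enabled/100-domain1.example.vhost:120)
         port 443 namevhost domain1.example (/etc/apache2/sites-enabled/100-domain1.example.vhost:120)
         port 443 namevhost domain2.example (/etc/apache2/sites-enabled/100-domain2.example.vhost:126)
*:443                  web1.example (/etc/apache2/sites-enabled/000-default-ssl.conf:2)
*:80                   web1.example (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: "/etc/apache2"
"""

# "addr:port is a NameVirtualHost"  or  "addr:port servername (file:line)"
HEADER = re.compile(
    r"^(\*|\[[^\]]+\]|[^\s:]+):(\d+)\s+(?:is a NameVirtualHost|(\S+) \(.+\))\s*$")
DEFAULT = re.compile(r"^\s+default server (\S+) \(.+\)\s*$")

def parse_bindings(text):
    """Return {port: {address: default_server_name}} from `apachectl -S` output."""
    ports = defaultdict(dict)
    current = None  # (address, port) of the block being read
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = (m.group(1), int(m.group(2)))
            if m.group(3):  # single-vhost form carries the name on the same line
                ports[current[1]][current[0]] = m.group(3)
            continue
        m = DEFAULT.match(line)
        if m and current:
            ports[current[1]][current[0]] = m.group(1)
    return dict(ports)

def mixed_ports(bindings):
    """List (port, wildcard_vhost, {address: default_vhost}) for mixed ports."""
    findings = []
    for port, addrs in sorted(bindings.items()):
        specific = {a: n for a, n in addrs.items() if a != "*"}
        if "*" in addrs and specific:
            findings.append((port, addrs["*"], specific))
    return findings

if __name__ == "__main__":
    for port, wild, specific in mixed_ports(parse_bindings(SAMPLE)):
        for addr, name in sorted(specific.items()):
            print(f"port {port}: {addr} is answered by {name}, not by '*' vhost {wild}")
```

On a live server, pipe the real output in instead of SAMPLE; an empty result means each port uses either '*' everywhere or specific addresses everywhere.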