Hey and good evening! First of all let me tell you that a) I really appreciate the work that has been done on ISPconfig till this day (and hopefully will continue )! b) I do realize this question was subject of discussion in one or the other way already, however I need to give it another try Problem description: I have multiple domain names pointing to one website where each domain got its very own SSL-certificate. In my case I got a Magento CE store with multiple store views each handling one of these domains (however, you will basically face the same problem with any other CMS, shop system or framework in general, that has to deal with multiple domains and SSL-certificates). In order to draw you a better picture, that's what I would want to achieve: - domain1.com (the actual webspace in ISPconfig | got a SSL-certificate) [/var/www/clients/client1/web1] - domain2.com (an alias pointing at domain1.com| got another SSL-certificate) [edit: note, this is what I wanted it to be initially] - domain3.com (another alias pointing at domain1.com | no SSL-certificate) My approach so far (yes, not a good idea, but I needed a quick - let's call it hack since it's surely not a solution as per now): domain1.com: /var/www/clients/client1/web1/web/ ... containing the source /var/www/clients/client1/web1/ssl/ ... containing the SSL-certificate for domain1.com and domain2.com domain2.com: /var/www/clients/client1/web2/web/ ... is a (manually created) sym-link to /var/www/clients/client1/web1/web/ /var/www/clients/client1/web2/ssl/ ... is a (manually created) sym-link to /var/www/clients/client1/web1/ssl/ domain3.com: Is a proper alias according to ISPconfig "domain1.com" is set up as a website; it's .htaccess handles the requests from different domains onto this website by using Code: [...] # "MAGE_RUN_CODE" and "MAGE_RUN_TYPE" for pointing to the relevant store/scope SetEnvIf Host domain1\.com MAGE_RUN_CODE=base_domain1 SetEnvIf Host domain1\.com MAGE_RUN_TYPE=website SetEnvIf Host domain2\.com MAGE_RUN_CODE=base_domain2 SetEnvIf Host domain2\.com MAGE_RUN_TYPE=website SetEnvIf Host domain3\.com MAGE_RUN_CODE=base_domain3 SetEnvIf Host domain3\.com MAGE_RUN_TYPE=website [...] "domain1.com" ssl-folder looks like this: Code: usr@webserver05:/var/www/domain1.com/ssl# ls -l total 40 -rw-r--r-- 1 web1 client1 6710 Dec 9 16:44 domain1.com.bundle -rw-r--r-- 1 web1 client1 1894 Dec 9 16:44 domain1.com.crt -rw-r--r-- 1 web1 client1 1814 Dec 9 16:44 domain1.com.csr -r-------- 1 web1 client1 3292 Dec 9 16:44 domain1.com.key -rw-r--r-- 1 web2 client1 5144 May 3 22:24 domain2.com.bundle -rw-r--r-- 1 web2 client1 1828 May 3 22:24 domain2.com.crt -rw-r--r-- 1 web2 client1 1008 May 3 22:24 domain2.com.csr -r-------- 1 web2 client1 1704 May 3 22:24 domain2.com.key hence "domain2.com" currently looks like this: Code: usr@webserver05:/var/www/domain2.com# ls -l total 28 drwxr-xr-x 2 web2 client1 4096 Apr 9 2014 cgi-bin drwxr-xr-x 2 root root 4096 May 4 00:00 log drwx--x--- 2 web2 client1 4096 Apr 9 2014 private lrwxrwxrwx 1 root root 35 May 4 00:03 ssl -> /var/www/clients/client1/web1/ssl drwxrwxrwx 2 web2 client1 4096 Apr 9 2014 tmp lrwxrwxrwx 1 root root 35 May 3 22:58 web -> /var/www/clients/client1/web1/web drwx--x--- 2 web2 client1 4096 Apr 9 2014 webdav Just for the record: "domain3.com" obviously does not exist since it's an alias. The setup I'm running: ISPConfig version: 3.0.5.4p8 (note: it's a multi server setup) Debian GNU/Linux 7 running Apache2 Now, my point is, this setup is actually working and surviving an Apache restart, however I'm rather worried about someone feeling the urge of modifying the config of website "domain2.com" in ISPconfig since I haven't completely checked its behavior in that case. What I can tell is, that the "web-folder" as such remains this way (with sym-links) when for example changing the website's domain. Also, the "ssl-folder" remains a sym-link when updating fields in the websites's SSL-tab in ISPconfig *. Due to my observations and testing I'm now curious whether this way could be seen as a proper workaround for the multiple SSL-certificates with "one" website or not. Does anything (beside the fact that this setup is not reflecting in the other servers managed by ISPconfig) speak against this configuration even though the relevant vhost files look pretty neat? Is there a reason to worry about any particular update process? * Here however one problem is that when changing the "SSL Domain" in the SSL-tab and submitting it with the option "Save certificate" this name change is not reflecting the certificate names located in the "symlinked" ssl-folder (which I guess would not be a problem when the ssl-folder actually remains as in a default ISPconfig website creation, which in my case also would be ok)
Just one quick thought as I read that last paragraph, what if you ditched the symlinks and instead used bind mounts? Maybe worth a quick try for that issue specifically, not the overall best way to handle this.
Hey Jesse! Bullseye - mount --bind would actually sort out even my last problem about not having the certificate files properly updated via ISPConfig, so you can state the above problem 'resolved'. However, I'm afraid that this approach might cause troubles in future to us due to the reason that you wont be able to identify the binding when ls -s'ing. So for the moment I guess I'll go with the sym-links and keep a README-file within web1/ and web2/; or maybe I missed out on anything in your hint?