benanamen Posted April 8, 2017
I just set up SSL on Apache that has one IP and two domains that are using SSL. Individually they both work as expected. If they are both using port 443 at the same time, the server is defaulting to the first domain I set up which creates a domain mismatch error on the second one since it is reading the cert from the first domain. I have always had one IP per domain so I have never run across this problem. Doing research on it as I post. Anyone know the fix?

requinix Posted April 8, 2017
Heh, I wonder how many people remember when we couldn't have multiple SSL sites on the same server... Are you using Apache 2.0 or 2.2? Do you have a NameVirtualHost *:443?

benanamen (Author) Posted April 8, 2017
Debian 8, Apache version 2.4.10. Yes, I have NameVirtualHost *:443. I found this site that shows what to do but no effect. https://www.digicert.com/ssl-support/apache-multiple-ssl-certificates-using-sni.htm
Whichever is the first <virtualhost> is the one that works correctly. I tried with *:443 and myip:443. Same results.

requinix Posted April 8, 2017
What are the two vhost configs, minus the sensitive bits?

benanamen (Author) Posted April 8, 2017

    NameVirtualHost *:443

    <VirtualHost *:443>
        DocumentRoot "/docrootpath"
        ServerName domain1
        ServerAdmin webmaster@localhost
        ErrorLog /path
        CustomLog /path
        <Directory "path">
            allow from all
            AllowOverride All
            Options None
            Require all granted
        </Directory>
        SSLEngine on
        SSLCertificateFile /path
        SSLCertificateKeyFile /path
        SSLCACertificateFile /path
        <Directory "/path">
            allow from all
            Options None
            Require all granted
        </Directory>
    </VirtualHost>

    <VirtualHost *:443>
        DocumentRoot "/path"
        ServerName domain2
        ServerAdmin webmaster@localhost
        ErrorLog /path
        CustomLog /path
        <Directory "/path">
            Order Allow,Deny
            Allow from all
            AllowOverride all
            Options None
            Require all granted
        </Directory>
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{SERVER_NAME}$1 [R,L]
        <Directory "/path">
            allow from all
            Options None
            Require all granted
        </Directory>
        SSLEngine on
        SSLCertificateFile /path
        SSLCertificateKeyFile /path
        SSLCACertificateFile /path
    </VirtualHost>

requinix Posted April 8, 2017
Seems fine. Maybe there's something more obvious wrong? Sure you have the right domain names? Are you being redirected at any point? Does the mismatch error truly say the certificate is for the other domain?
What if you swap the virtualhosts in the configuration file? Does it have the same problem but in reverse?
And what if you include a SSLStrictSNIVHostCheck on in the configuration (outside a vhost)?

benanamen (Author) Posted April 8, 2017
As I said, each domain works perfectly on its own. Domain 2 definitely is using cert of domain 1. Switching host order just reverses the problem. No redirects. I will have to check on SSLStrictSNIVHostCheck on

benanamen (Author) Posted April 13, 2017
Figured it out. The port 80 virtualhost needed a rewrite to the https.
80 V Host: Request for non https (www or not) rewrites to https (no www)
443 V Host: Request for https www rewrites to non https
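
Added example, not part of any post in this thread: a small model of Apache's name-based vhost selection on port 443, showing how a hostname that no ServerName or ServerAlias claims (such as a www variant) falls through to the first vhost and is therefore served that vhost's certificate. The hostnames in the sample config are constructed placeholders, and the helper names are hypothetical.

```python
import re
from fnmatch import fnmatch

# Constructed sample config; hostnames are placeholders, not from the thread.
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName domain1.example
    ServerAlias www.domain1.example
    SSLEngine on
</VirtualHost>
<VirtualHost *:443>
    ServerName domain2.example
    SSLEngine on
</VirtualHost>
"""

def parse_vhosts(conf, port="443"):
    """Return [(ServerName, [ServerAlias patterns])] for vhosts on `port`, in file order."""
    vhosts = []
    pattern = r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>"
    for addrs, body in re.findall(pattern, conf, re.S | re.I):
        # Keep only blocks bound to the requested port (e.g. *:443, 192.0.2.1:443).
        if not any(a.rsplit(":", 1)[-1] == port for a in addrs.split()):
            continue
        name = re.search(r"^\s*ServerName\s+(\S+)", body, re.M | re.I)
        aliases = re.findall(r"^\s*ServerAlias\s+(.+)$", body, re.M | re.I)
        alias_list = [a.lower() for line in aliases for a in line.split()]
        vhosts.append((name.group(1).lower() if name else None, alias_list))
    return vhosts

def select_vhost(vhosts, hostname):
    """Model the lookup: ServerName or ServerAlias match, else the first vhost."""
    host = hostname.lower().rstrip(".")
    for name, aliases in vhosts:
        # ServerAlias may contain * and ? wildcards, which fnmatch handles.
        if host == name or any(fnmatch(host, a) for a in aliases):
            return name, True
    return vhosts[0][0], False  # default: first vhost listed for this address:port

def fallthrough_names(conf, hostnames):
    """Hostnames no vhost claims, so they receive the first vhost's certificate."""
    vhosts = parse_vhosts(conf)
    return [h for h in hostnames if not select_vhost(vhosts, h)[1]]

if __name__ == "__main__":
    names = ["domain1.example", "www.domain1.example",
             "domain2.example", "www.domain2.example"]
    print(fallthrough_names(SAMPLE_CONF, names))
```

Run it against the real vhost file with every hostname that DNS or a redirect can send to the server; any name it returns needs a ServerAlias and a certificate that covers it, or a redirect that never lands on that name over HTTPS.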