How to dynamically set SSLCertificateFile for user's custom domains - apache

I have a site where users can point their own custom domain to their unique directory on my site through A Records.
For example, example.com points to mysite.com/something and anothersite.org points to mysite.com/somethingelse
Each of these custom domains has an SSL certificate generated for it; however, is there a way to point to them dynamically in the VirtualHost file?
SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
domain.com should be the current domain - if someone visits example.com then that should be where domain.com is.
Is it possible to use variables somehow?
I have tried this but it doesn't work and causes an error:
SSLCertificateFile /etc/letsencrypt/live/%{HTTP_HOST}/fullchain.pem
There is only one virtual host in total, as there are hundreds of custom domains.

Related

dynamically support multiple SSL sites for one IP address

For a web application running on Tomcat, to support multiple SSL sites on one IP address, I would like to add Apache in front of Tomcat.
Is it possible for a user to upload their own SSL certificate and configure it dynamically without a server restart?
<VirtualHost *:443>
DocumentRoot
ServerName
SSLCertificateFile
SSLCertificateKeyFile
SSLCACertificateFile
SSLEngine on
</VirtualHost>
For apache, the SSL configuration above needs to be added into apache conf file,
and requires server restart. Server restart is not acceptable because there will be many users on the same server. Any solution?
Thanks for the help.

SSL certificate for specific directories

So I've got a login script (domain.com/script/index.php) that I need protected with a self-signed certificate, but installing a cert with Apache will apply it to my whole domain. My domain is a personal website, and the last thing I would want is for someone to go through the hassle of having to jump through the hoops of having to 'trust' my self-signed certificate.
Right now I have Webmin running on my server, and it currently has its own self-signed without applying it to my root website directory. Is there any way to secure my script directory without applying it to my root directory?
I'm gonna assume this is php and apache:
Just add these lines to your vhost configs:
SSLEngine on
SSLCertificateFile {{SERVER CRT PATH}}
SSLCertificateKeyFile {{SERVER KEY PATH}}
Make sure the SSL DLL is enabled in php.ini
and apply like so:
# Local Php site
<VirtualHost *:83>
ServerName localhost
DocumentRoot C:/xampp2/htdocs/scripts/php
<Directory C:/xampp2/htdocs/scripts/php>
AllowOverride All
Require all granted
</Directory>
SSLEngine on
SSLCertificateFile C:\xampp2\apache\conf\ssl.crt\server.crt
SSLCertificateKeyFile C:\xampp2\apache\conf\ssl.key\server.key
</VirtualHost>
Reference: http://robsnotebook.com/xampp-ssl-encrypt-passwords
restart apache then visit: https://localhost:83

Configuring mod_ssl in Apache2

I want users to be able to navigate to https://cloud.xxx.de, which works totally fine with the following configuration file. But besides the working (and correct) URL, every URL points to /var/www/cloud. Shouldn't ServerName cloud.xxx.de tell Apache to only point requests with this specific server name to the directory?
ServerName cloud.xxx.de
DocumentRoot /var/www/cloud
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
<Directory /var/www/cloud>
...
</Directory>
Alright, I found out myself. From the Apache2 documentation:
Unless a NameVirtualHost directive is used for the exact IP address and port pair in the VirtualHost directive, Apache selects the best match only on the basis of the IP address (or wildcard) and port number. If there are multiple identical best matches, the first VirtualHost appearing in the configuration file will be selected.
So basically I just had to put
NameVirtualHost *:443
in front of my first evaluated virtual host listening on port 443.

Where do I put the subject alternative names for my SSL using Apache

I purchased an SSL certificate and I have some subject alternative names for it, but I'm not sure where to put them in the config file. Each site is hosted on the same server and they all correspond to one another. They are all basically the same site, just for different uses/marketing reasons.
SUBJECT ALTERNATIVE NAMES: www.example2.com, www.otherexample.com, www.helpwithSANs.com
<VirtualHost IP:port>
ServerName www.example.com
SSLEngine on
SSLCertificateFile /path_to_cert
SSLCertificateKeyFile /path_to_key
SSLCertificateChainFile /path_to_whateverthisis
So my question is where or how do I use the SUBJECT ALTERNATIVE NAMES so the cert will work on all the sites.

Apache SNI: multiple SSL certificates on one IP address

Today I'm trying to configure Apache to run two domains each with their own SSL certificate. From what I have read this is supported by SNI as long as my Apache is configured with a recent version of OpenSSL. I verified that it is:
[notice] Apache/2.2.22 (Ubuntu) PHP/5.3.10-1ubuntu3.7 with Suhosin-Patch mod_ssl/2.2.22 OpenSSL/1.0.1 configured -- resuming normal operations
I thought I had successfully set up the second domain and certificate, but when I try to visit the second domain in chrome I get the following error:
You attempted to reach example2.com, but instead you actually reached a server identifying itself as example1.com.
This post seems closest to my issue:
hosting multiple SSL certs on apache
but from what I can tell my server is already configured correctly (clearly it is not!)
I have the following directives in my conf file for example2.com:
ServerName example2.com
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/example2.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/example2.com.key
It looks right to me. So why is Apache serving example1's cert when I visit example2?
Turns out domain 1 was configured as
<VirtualHost *:443>
I use webmin, which only reveals that detail when you view the directive directly.
changing * was part of the solution but introduced some other problems. I think I will punt and do IP-based SSL.
I added this to ports.conf (Apache/2.2.22):
NameVirtualHost *:443
You can read the details in this post.
It's not possible to have multiple SSL domains on the same IP address.
Context
When a client contacts an HTTPS web site, all communication is encrypted with the site's public key (SSL certificate). Only the private key associated with the public key can decrypt the HTTP request. Basically, that's how HTTPS works.
That's why in your virtual host you define the certificate and the key for each SSL web site:
SSLCertificateFile /etc/apache2/ssl/example2.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/example2.com.key
Name-based VirtualHosts and SSL
When you use name-based VirtualHosts and Apache receives a client request, the server reads the request and looks at which domain name is requested. Once the domain name is identified, Apache reads the VirtualHost instructions and returns the right web site.
When Apache receives an SSL request, the system can't decrypt the message because Apache needs to use the SSLCertificateKeyFile defined in the VirtualHost, but to know which VirtualHost to use it needs to be able to decrypt the message...
Because Apache doesn't know how to process your request, the system returns the first VirtualHost processed.
That's why you need to use IP-based VirtualHosts; that is what is used in the example:
hosting multiple SSL certs on apache
You have 2 IPs, 1.1.1.1 and 2.2.2.2:
NameVirtualHost 1.1.1.1:443
NameVirtualHost 2.2.2.2:443
<VirtualHost 1.1.1.1:443>
ServerName www.domain1.com
...
...
</VirtualHost>
<VirtualHost 2.2.2.2:443>
ServerName www.domain2.com
...
...
</VirtualHost>
Name-based VirtualHosts and an SSL wildcard certificate
If the private key AND the public key (SSL certificate) are the same for all domains, Apache will be able to decrypt the communication. This situation happens only when you use a wildcard certificate for a domain. For example, if you have a wildcard for *.domain.com you can define name-based VirtualHosts like this:
NameVirtualHost 1.1.1.1:443
<VirtualHost 1.1.1.1:443>
ServerName foo.domain.com
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/wildcard.domain.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/wildcard.domain.com.key
...
...
</VirtualHost>
<VirtualHost 1.1.1.1:443>
ServerName bar.domain.com
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/wildcard.domain.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/wildcard.domain.com.key
...
...
</VirtualHost>
This configuration will work because, whatever the domain, Apache uses the same private key to decrypt the communication, so the system will be able to select the right VirtualHost setting.
Have a nice day.
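As an added example (not code from any of the posts above), a small Python checker for the two misconfigurations this page discusses: a %{...} variable inside SSLCertificateFile, which mod_ssl does not expand (the first question), and several SSL VirtualHosts bound to the same address with no NameVirtualHost declared for it on Apache 2.2 (the SNI thread), where the first block in the file is selected and its certificate is served for every name. The sample config, its ServerNames and its paths are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample config (not from the posts above) reproducing both mistakes: a
# %{HTTP_HOST} variable in a certificate path, and two *:443 SSL vhosts without NameVirtualHost.
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName example1.com
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/example1.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/example1.com.key
</VirtualHost>
<VirtualHost *:443>
    ServerName example2.com
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/%{HTTP_HOST}/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example2.com/privkey.pem
</VirtualHost>
"""
VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
DIRECTIVE_RE = re.compile(r"^\s*(\S+)\s+(.*?)\s*$", re.M)
NVH_RE = re.compile(r"^\s*NameVirtualHost\s+(\S+)", re.M | re.I)

def parse_vhosts(conf):
    """Return [(address, {directive_lowercase: value})] for every <VirtualHost> block."""
    vhosts = []
    for addr, body in VHOST_RE.findall(conf):
        directives = {k.lower(): v for k, v in DIRECTIVE_RE.findall(body)}
        vhosts.append((addr.strip().lower(), directives))
    return vhosts

def lint_ssl_vhosts(conf):
    """Return human-readable findings; an empty list means no problem was detected."""
    findings = []
    declared = {m.group(1).lower() for m in NVH_RE.finditer(conf)}
    by_addr = defaultdict(list)  # address -> ServerNames of the SSL vhosts bound to it
    for addr, d in parse_vhosts(conf):
        if d.get("sslengine", "").lower() != "on":
            continue  # plain-HTTP vhost: certificate directives are irrelevant
        name = d.get("servername", "<no ServerName>")
        for key in ("sslcertificatefile", "sslcertificatekeyfile"):
            if "%{" in d.get(key, ""):
                findings.append(f"{name}: {key} contains a %{{...}} variable; mod_ssl does not expand it")
        by_addr[addr].append(name)
    for addr, names in by_addr.items():
        if len(names) > 1 and addr not in declared:
            findings.append(f"{addr}: {len(names)} SSL vhosts share it without NameVirtualHost; "
                            f"the first ({names[0]}) is selected and its certificate served for all")
    return findings
```

Feed it the text of your own httpd.conf (or the concatenated sites-enabled files) to get the same two findings for a real configuration; adding `NameVirtualHost *:443`, as the accepted answer did, clears the second one.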