Disable SSL on specific subdomain - apache

I have a domain say example.com using SSL. Now i have created a test site for the application and hosted in test.example.com. But whenever i am trying to access test.example.com i am getting connection not private error. That sub domain is also using the SSL somehow.
I tried to add redirect rule to http version in .htaccess and vhost files, but not working. Any solution?
Here is the default-ssl.conf file:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html/frontend
DirectoryIndex index.html
<Directory /var/www/html/frontend>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine On
SSLCertificateFile /etc/ssl/certfile.crt
SSLCertificateKeyFile /etc/ssl/certkey.key
SSLCertificateChainFile /etc/ssl/gd_bundle-g2-g1.crt
</VirtualHost>
</IfModule>

Related

cannot letsencrypt because port 80 auto redirects to 443

I have a few sites running on a server running apache2 and I have forgotten how I auto forwarded all traffic to https. Trying to run letsencrypt but it must visit the http page first. when I wget the page I receive:
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://example.org/ [following]
I do not see anything in apache2.conf
mysite.conf
<VirtualHost *:80>
ServerAdmin admin
DocumentRoot /var/www/html/mysite/
ServerName example.org
Alias /mysite "/var/www/html/mysite/"
<Directory /var/www/html/mysite/>
Options +FollowSymlinks
AllowOverride All
Require all granted
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/html/mysite
SetEnv HTTP_HOME /var/www/html/mysite
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
mysite-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin admin
DocumentRoot /var/www/html/mysite/
ServerName mysite.org
ServerAlias www.example.org
Alias / "/var/www/html/mysite/"
<Directory /var/www/html/mysite/>
Options +FollowSymlinks
AllowOverride All
Require all granted
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/html/mysite
SetEnv HTTP_HOME /var/www/html/mysite
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/oldsite/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/oldsite/privkey.pem
</VirtualHost>
</IfModule>
<VirtualHost *:80>
ServerAdmin admin
DocumentRoot /var/www/html/mysite/
ServerName example.org
ServerAlias www.example.org
Alias / "/var/www/html/mysite/"
<Directory /var/www/html/mysite/>
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/html/mysite
SetEnv HTTP_HOME /var/www/html/mysite
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
not sure what I need to do to allow lets encrypt to complete the certs. Any help would be greatly appreciated!

Apache Virtual Hosts for Two Sites Not Working Properly

I am trying to have two separate sites with Apache virtual hosts on a test server. I am going to access the sites with the ip address of the instance (for example, http://167.275.122.215). When I enable the following configuration, I would be able to load the first site with just the ip address correctly (with http://167.275.122.215), but not http://167.275.122.215/exp. I get a 404 error when I point to that address. What am I doing wrong here?
<VirtualHost *:80>
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html/main
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:80>
Alias /exp /usr/share/wordpress
DocumentRoot /usr/share/wordpress
<Directory /usr/share/wordpress>
Options FollowSymLinks
AllowOverride all
DirectoryIndex index.php
require all granted
</Directory>
</VirtualHost>
In fact, my need is to be able to access the exp (experimental) site through the same ip while the main site is still available (from the original ip address). I tried giving a different port to the experimental site too (like below), but that still gave me a site can't be reached error.
<VirtualHost *:90>
<Directory /usr/share/wordpress>
Options FollowSymLinks
AllowOverride all
DirectoryIndex index.php
require all granted
</Directory>
</VirtualHost>
For port based multiple sites, listing the default port as the second site resolved the issue:
LISTEN 90
<VirtualHost *:90>
DocumentRoot /usr/share/wordpress
<Directory /usr/share/wordpress>
Options FollowSymLinks
AllowOverride all
DirectoryIndex index.php
require all granted
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html/main
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Can't acces website when ssl enabled

We're trying to use SSL on our website.
The website is on a ubuntu server 2016. I've generated certicates from let's encrypt and followed the ubuntu tutorial but at the end i'm getting ERR_CONNECTION_REFUSED
<VirtualHost *:443>
ServerAdmin webmaster#sitename.eu
ServerName dp7.sitename.eu
ServerAlias www.dp7.sitename.eu
#SSLEngine on
#SSLCertificateFile /etc/letsencrypt/live/sitename.fr/cert.pem
#SSLCertificateChainFile /etc/letsencrypt/live/sitename.fr/fullchain.pem
#SSLCertificateKeyFile /etc/letsencrypt/live/sitename.fr/privkey.pem
DocumentRoot /var/www/bt750
<Directory "/var/www/bt750">
Options +FollowSymLinks -MultiViews
AllowOverride all
Order allow,deny
allow from all
Require all granted
</Directory>
ErrorLog /var/log/apache2/dp7_ssl_error.log
LogLevel warn
CustomLog /var/log/apache2/dp7_ssl_access.log "combined"
</VirtualHost>
i have flushed all my chrome cache, without success
how can i solve this problem ?
You have some errors in apache configuration. You need Listen the 443 port and uncomment SLL configuration
Listen 443
<VirtualHost *:443>
ServerAdmin webmaster#sitename.eu
ServerName dp7.sitename.eu
ServerAlias www.dp7.sitename.eu
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/sitename.fr/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/sitename.fr/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/sitename.fr/privkey.pem
DocumentRoot /var/www/bt750
<Directory "/var/www/bt750">
Options +FollowSymLinks -MultiViews
AllowOverride all
Order allow,deny
allow from all
Require all granted
</Directory>
ErrorLog /var/log/apache2/dp7_ssl_error.log
LogLevel warn
CustomLog /var/log/apache2/dp7_ssl_access.log "combined"
</VirtualHost>

Apache delivering wrong SSL-Cert

I have a Server which is running Debian 8.1 with Apache 2.4.10 and OpenSSL 1.0.1k.
I have a domain example.com with a few subdomains like www.example.com, cloud.example.com and db.example.com all pointet to the Server (A-Records).
All these subdomains have their own VirtualHosts with their own SSL-Certificates. Also if you send a HTTPS-Request with another domain or with the IP you'll get a page with a self-signed certificate.
Everything was running perfect until I rebootet my server.
Now when I request example.com (without a subdomain-prefix) I get the self-signed crt. The subdomains are working perfectly fine. I have the following vHost-Configs:
(because I only want HTTPS I have a Rewrite-Rule for all HTTP-Connections)
000-default.conf
<VirtualHost *:80>
ServerAdmin admin#example.com
RewriteEngine On
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin admin#example.com
DocumentRoot /var/www
<Directory /var/www>
AllowOverride All
Require all granted
</Directory>
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
ErrorLog ${APACHE_LOG_DIR}/error.ssl.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.ssl.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/default/ca.crt
SSLCertificateKeyFile /etc/ssl/certs/default/ca.key
</VirtualHost>
</IfModule>
www.example.com.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin admin#example.com
ServerName www.example.com
ServerAlias example.com
DocumentRoot /var/www/example
<Directory /var/www/example>
AllowOverride All
Require all granted
</Directory>
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
ErrorLog ${APACHE_LOG_DIR}/error.ssl.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.ssl.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/www.example.com/ca.crt
SSLCertificateKeyFile /etc/ssl/certs/www.example.com/ca.key
SSLCertificateChainFile /etc/ssl/certs/www.example.com/sub.class1.server.ca.pem
SSLCACertificateFile /etc/ssl/certs/www.example.com/ca.pem
</VirtualHost>
</IfModule>
cloud.example.com.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin admin#example.com
ServerName cloud.example.com
DocumentRoot /var/www/example
<Directory /var/www/example>
AllowOverride All
Require all granted
</Directory>
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
ErrorLog ${APACHE_LOG_DIR}/error.ssl.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.ssl.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/www.example.com/ca.crt
SSLCertificateKeyFile /etc/ssl/certs/www.example.com/ca.key
SSLCertificateChainFile /etc/ssl/certs/www.example.com/sub.class1.server.ca.pem
SSLCACertificateFile /etc/ssl/certs/www.example.com/ca.pem
</VirtualHost>
</IfModule>
I really hope that somebody can help me!
The hostname was example (like the domain, but without .com) so I changed the hostname to some random typing and after a reboot everything worked fine again. When I changed my hostname back it kept working even after a reboot.
For me changing the order of VirtualHosts helped to solve the problem, by putting malfunctioning VirtualHost to the top in the conf file.

Adding SSL to my website

I have the following virtual hosts config:
listen 80
listen 443
servername "example.com"
serveradmin "email#example.com"
namevirtualhost *:80
namevirtualhost *:443
directoryindex index.html index.php
options -indexes -multiviews +followsymlinks
<directory /Volumes/dev1/http>
allowoverride all
</directory>
<virtualhost *:80 *:443>
servername example.com
serveralias www.example.com
documentroot "/Volumes/dev1/http/example"
rewriteengine on
SSLCertificateFile "/Volumes/dev1/ssl/_ssl-cert.crt"
SSLCertificateKeyFile "/Volumes/dev1/ssl/_ssl-privatekey.crt"
SSLCertificateChainFile "/Volumes/dev1/ssl/_ssl-csr.crt"
</virtualhost>
Of course example.com is just an ... example.
All is well if I access http://example.com, but if I try to access the HTTPS version I get
Safari can’t open the page “https://example.com/” because Safari
can’t establish a secure connection to the server “example.com”.
The _ssl* files are all in place and running httpd -t from Terminal returns Syntax OK.
What am I doing wrong? Thanks!
This what I'm using (only the vhosts section), omitting the FCGID, suexec and PHP specific parts:
<VirtualHost *:80>
ServerName example.com
DocumentRoot "/var/www/example.com/htdocs"
<Directory "/var/www/example.com/htdocs/">
Options -Indexes
AllowOverride All
Order allow,deny
Allow from All
</Directory>
ErrorLog "/var/www/example.com/error.log"
CustomLog "/var/www/example.com/access.log" combined
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
DocumentRoot "/var/www/example.com/htdocs"
<Directory "/var/www/example.com/htdocs/">
Options -Indexes
AllowOverride All
Order allow,deny
Allow from All
</Directory>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache/ssl/example.com.crt
SSLCertificateKeyFile /etc/apache/ssl/example.key
SSLCertificateChainFile /etc/apache/ssl/gd_bundle.crt
ErrorLog "/var/www/example.com/error.log"
CustomLog "/var/www/example.com/access.log" combined
</VirtualHost>