Certbot detects incorrect Common Name (CN) - ssl

I have multiple virtual hosts on the same server using CentOS 6. After running sudo ./path/to/certbot-auto --apache I successfully installed a certificate for the website https://domain1.example. The browser confirms that the certificate is issued to Common Name (CN) domain1.example.
However, after repeating the same procedure for domain2.example, the browser warns that the connection is not secure and that the certificate is issued to Common Name 192.168.1.5, which is a local IP address of the server. Why isn't the Common Name correctly determined for domain2.example? What could be the reason?
Without https:// the website http://domain2.example is working properly.

It turns out the problem was due to the /etc/httpd/conf.d/ssl.conf file, which enables SSL for Apache. Since CentOS loads all Apache conf files in alphabetical order, only the conf files that come after ssl.conf in alphabetical order will use SSL. All files that come before it will not be recognized for SSL.
In my case the conf file for domain1.example came after ssl.conf and thus was recognized for SSL. But the conf file for domain2.example came before ssl.conf and therefore was ignored. Simply renaming ssl.conf to 000-ssl.conf put that file at the top of the list, and all the other files were loaded correctly.
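
A check for the ordering condition described in the answer above, added here as an example and not part of the original post: it lists conf files in alphabetical order and prints any file that declares a :443 virtual host but sorts before the first file containing a Listen 443 directive. The function names, sample file names and sample contents are constructed, and it assumes a single wildcard Include of one conf.d directory.

```shell
#!/bin/sh
# Added example: flag vhost files that sort before the file enabling SSL.

# Names of *.conf files in DIR, in alphabetical (byte) order.
conf_load_order() {
    ( cd "$1" || exit 1
      for f in *.conf; do [ -f "$f" ] && printf '%s\n' "$f"; done | LC_ALL=C sort )
}

# Print every file that declares a :443 VirtualHost but sorts before the
# first file containing a "Listen ... 443" directive.
vhosts_before_ssl() {
    dir=$1; seen_listen=0
    while IFS= read -r f; do
        [ -n "$f" ] || continue          # empty directory yields one blank line
        if grep -Eiq '^[[:space:]]*Listen[[:space:]]+([^[:space:]]*:)?443([[:space:]]|$)' "$dir/$f"; then
            seen_listen=1
        fi
        if [ "$seen_listen" -eq 0 ] &&
           grep -Eiq '^[[:space:]]*<VirtualHost[[:space:]][^>]*:443' "$dir/$f"; then
            printf '%s\n' "$f"
        fi
    done <<EOF
$(conf_load_order "$dir")
EOF
}

# Constructed sample conf.d (file names and contents are made up for the demo).
make_sample() {
    d=$(mktemp -d) || return 1
    printf 'Listen 443\n<VirtualHost _default_:443>\n  SSLEngine on\n</VirtualHost>\n' > "$d/ssl.conf"
    printf '<VirtualHost *:443>\n  ServerName domain2.example\n</VirtualHost>\n' > "$d/domain2.conf"
    printf '<VirtualHost *:443>\n  ServerName domain1.example\n</VirtualHost>\n' > "$d/zz-domain1.conf"
    printf '<VirtualHost *:80>\n  ServerName domain2.example\n</VirtualHost>\n' > "$d/a-http.conf"
    printf '%s\n' "$d"
}

sample=$(make_sample)
echo "read before the Listen 443 file:"; vhosts_before_ssl "$sample"
mv "$sample/ssl.conf" "$sample/000-ssl.conf"      # the rename from the answer
echo "after rename:"; vhosts_before_ssl "$sample"
rm -rf "$sample"
```

On a real host, point vhosts_before_ssl at the directory named in the main config's wildcard Include (for the setup in the answer, /etc/httpd/conf.d).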

Related

How to install wildcard ssl certificate on apache with subdomains?

I have my main site "domain.com" and a subdomain "apps.domain.com" (with different directories for each site).
I generated a LE wildcard certificate with certbot but I can't figure out how to use it...
I'm trying to get SSL on the domain and subdomain. (I'm using Debian and Apache.)
I know I'm supposed to make an SSL config file for port 443, then another one for port 80. Also, I don't understand why Apache doesn't read all configuration files (I had to put 000 at the start of the file).
I also have several questions: when the certificate is installed, will the certbot auto renewals still work? How do I tell Apache to auto redirect to https?

how to find ssl.conf file in apache

I am trying to install a self-signed SSL certificate on an IP address. I have Apache on CentOS 7. I have mod_ssl installed. I have been able to create a self-signed certificate with openssl req. Now I need to add this certificate to virtual hosts. I found two different files in tutorials for this purpose:
etc/apache2/sites-available/default-ssl.conf and, as a second option, etc/httpd/conf.d/ssl.conf.
But I could find the apache2 folder in etc but not sites-available, and no httpd in etc. Where do I find the relevant file to edit virtual hosts?
Thank you.
You can just create the folder sites-available if you want inside of the Apache folder. The important thing is to check the main Apache config file and make sure that it is loading up the default-ssl.conf file. Usually it's done by putting an Include /*. That would load up everything in that folder.
Config files for Apache under CentOS should be at /etc/httpd/ instead of /etc/apache/

Fixing my Apache configuration to work with letsencrypt

I had https on my WordPress site working fine with an IP address and a self-signed certificate. I set up the DNS for the domain and installed and ran letsencrypt "successfully", but SSL connections to the domain are still trying to reference the original self-signed certificate rather than the newly created ones (where are they?) and I'm not sure where to start troubleshooting.
Running Apache2 on Debian Buster
Cheers
I'm not sure this was the correct way to fix it, but I went into the Apache SSL conf file and changed the paths of the temporary certs I'd set up to the new letsencrypt cert file paths and restarted Apache, and it worked!

Plesk: Overriding httpd.conf SSLCertificateFile via vhost_ssl.conf?

I am running a virtual server (Ubuntu, Plesk 12). For the vhosts, the settings are stored in httpd.conf, which is generated by Plesk.
When SSL support is activated in Plesk, Plesk's default certificate is referenced, even when no certificate has been selected. Trying to override this value via vhost_ssl.conf results in Apache not being able to start/restart. My tech support told me that Apache is then trying to bind both certificates instead of overriding the SSLCertificateFile directive.
When SSL support is deactivated in Plesk, all directives regarding SSL (<IfModule mod_ssl.c>) are missing from httpd.conf. I guess additional directives within vhost_ssl.conf won't work then.
Is there any other way to replace/override the default certificate? It is not an option to put the setting into httpd.conf directly (i.e. via vi), because once I make a change in Plesk related to this file, it is overwritten. It is also not an option to put the certificates' keys into Plesk, because they need to be updated regularly and I don't want to do that manually every time.
You can apply your certificate for the domain if you upload the certificate to the subscription's repository here:
Also, you can try the LetsEncrypt extension from the Extensions Catalog.
By the way, Plesk's LetsEncrypt extension updates all its certificates by cron task every month:

Apache2 SSL configuration in several files?

I have setup Apache2 with SSL on a Debian Linux (squeeze) box. In the /etc/apache2/sites-available/default-ssl the SSL Engine is already configured and working. Packages with web software often come with an extra pkg-apache.conf file with some virtualhost, alias and directory directives. How could I make such package available via https without putting the content of pkg-apache.conf into default-ssl? Adapting the to *:433 results in load errors.
You can use the Include directive within your SSL virtual host to point to your extra configuration file. You'll need to make sure that the directives within that extra file can be used within a VirtualHost section.