I am working on a project where I need SSL Certificate installed on a server for HTTPS protocol. I have main domain example.com and subdomain sub.example.com. Main domain is hosted on provider1, a subdomain is hosted on provider2. When accessing subdomain name, provider1 redirects to provider2 where subdomain is hosted. On that subdomain (sub.example.com) I need to setup SSL Certificate.
I managed to install the certificate on the subdomain with the instructions (RapidSSL) from the provider, but HTTPS is not working.
In instructions there is IP address required for <VirtualHost [IP ADDRESS]:443> section.
Which IP address must be provided?
In similar solutions there is <VirtualHost *:443> tag with no specific IP address.
Also httpd.conf on my server is empty.
I am self-hosting a website on a Debian computer with apache, and in my DNS configuration I have set all subdomains of my domain (*.mydomain.com) to go to the IP of my Debian computer. How do I configure apache so that if someone goes to a subdomain that doesn't have a virtual host, I have a separate file for each subdomain, they get a 404 error instead of seeing the content on the root domain? I have tried editing the 000-default.conf file and put the following in it:
<VirtualHost *:80>
    ServerName null
    Redirect 404 /
</VirtualHost>
<VirtualHost *:443>
    ServerName null
    Redirect 404 /
</VirtualHost>
But now when I go to mydomain.com I get the following error:
This site can’t provide a secure connection
mydomain.com sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
Oddly if I go to one of the subdomains that I have configured for mydomain.com it works correctly and I see the page that should be on the subdomain.
The "Your connection is not private" error message comes from the certificate used, which is probably not valid for the domain you're connecting to.
Wildcard certificates such as *.mydomain.com are valid for 'third-Level.mydomain.com' but NOT for 'something.third-Level.mydomain.com', which requires a wildcard like '*.third-Level.mydomain.com'.
You can get free and valid wildcard certificates from Let's Encrypt (https://letsencrypt.org/)
And, instead of adding port 443 to 000-default.conf, use the default-ssl.conf file. Enable default-ssl.conf using a2ensite default-ssl, and then remove the 443 from the 000-default.conf. And then, restart/reload apache using systemctl restart apache2
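The wildcard rule from the answer above, as an added example that is not part of the original posts: a simplified RFC 6125-style check of which hostnames a certificate's names cover. The function names are hypothetical and the sample names are the ones used in the answer.

```python
# Added example (not from the original posts): simplified RFC 6125-style
# matching of a hostname against the DNS names listed in a certificate.

def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate name covers the hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False  # a wildcard never spans more or fewer labels
    if p[0] == "*":
        # Simplification: '*' is honoured only as the entire left-most label
        # and never directly above a single-label suffix such as '*.com'.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(cert_names, hostname: str) -> bool:
    """True if any name in the certificate matches the requested hostname."""
    return any(name_matches(n, hostname) for n in cert_names)


def audit(cert_names, hostnames):
    """Map each hostname to whether the certificate would validate for it."""
    return {host: cert_covers(cert_names, host) for host in hostnames}


# Constructed sample data using the names from the answer above.
WILDCARD_CERT = ["*.mydomain.com"]
HOSTS = [
    "third-level.mydomain.com",
    "something.third-level.mydomain.com",
    "mydomain.com",
]

if __name__ == "__main__":
    for host, ok in audit(WILDCARD_CERT, HOSTS).items():
        print(f"{host:40} {'valid' if ok else 'NAME MISMATCH'}")
```

The bare domain fails as well, which is why certificates for a wildcard setup normally list both mydomain.com and *.mydomain.com.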
I have created a subdomain for a domain. I successfully added SSL to the domain but it gives the below error for the subdomain:
selected vhost would conflict with other HTTPS VirtualHosts within Apache. Please select another vhost or add ServerNames to your configuration.
My DNS is correct. I can access the http version of the subdomain site without any problem.
I even added subdomain and IP to /etc/hosts
My goal is to add an SSL certificate to subdomain via certbot --apache -d www.sub.example.com -d sub.example.com
I have five more domains on my virtual host and I created SSL certificates for all of them without any problem.
I have tried to change sub directory address...change NameAlias...
I got the below error:
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
I solved this issue. I added the subdomain to ServerAlias and certbot --apache -d sub.example.com works. However, someone suggested that I add an AAAA record for my subdomain and try certbot --apache -d www.sub.example.com again.
I have a Hybris server installation hosting two sites hosted on two directories /site1 and /site2 pointing to two different domains such as www.site1.com and www.site2.com and both domains point to same ELB endpoint. In our current setup, we use the proxy web server (rewrite method) to add the /sitepath to the domain names. Eg: ELBcname/site1 and ELBcname/site2. We do this because both sites are deployed in the same instance.
As far as I know Hybris installation use apache-tomcat as their application web server. Can I do Apache Namevirtualhost configuration to point the two domains to these with different document root to avoid using the proxy server?
Eg:
<VirtualHost *:80>
    DocumentRoot "/hybrisdocroot/site1/"
    ServerName site1
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot "/hybrisdocroot/site2/"
    ServerName site2
</VirtualHost>
Or is there any provision to add the path to Cname of ELB or ALB?
I would drop the proxy entirely, terminate SSL at the ELB with ACM Certificates on each domain (i.e. SSL common name *.site1.com and *.site2.com) and eliminate the path completely. Let the site answer at the fully qualified domain name (FQDN) only, and ideally only on HTTPS - HTTP is really disfavored now IMHO.
The path construction you indicate may have been used to simplify SSL termination and eliminate the number of certs needed for the service. Since ACM certs are free, the goal should be to provision each site with its own proper SSL cert.
Or is there any provision to add the path to Cname of ELB or ALB?
No. And in any case not needed if you eliminate the path from the URI to reach each site. And of course you can use ELB CNAMEs/ALIAS for a FQDN.
I'm running Apache on a multi-tenant server with vhost sites configured.
So I have a vhost for domain1.com that has SSL cert defined in the vhost file. Then I have domain2.com that does not have SSL cert defined. If I visit https://domain2.com, the browser pulls up the website for domain1.com, then of course displays a broken SSL cert warning in the browser.
The way I'm trying to correct this is:
First, in the vhost.conf file for domain2 I've put this:
<VirtualHost ip:443>
    ServerName domain2.com
    DocumentRoot /var/www/domain2/
    SSLEngine on
    SSLCertificateFile /var/certs/cert.crt
    SSLCertificateKeyFile /var/certs/cert.key
    Redirect permanent / http://www.domain2.com
</VirtualHost>
Of course this client doesn't actually own their own SSL certificate, so I'm pointing it to a certificate file for one of our domains. This in some instances gives a certificate warning to the user when they visit https://www.domain2.com or https://domain2.com. (in Chrome I can go to https://domain2.com and get redirected without a warning)
Of course generating a self-signed cert to use for this purpose also throws a cert warning. If I remove the "SSLEngine On" directive so I don't have to specify a cert at all, it essentially breaks SSL on the entire server and no sites work right.
How can I successfully do this without having to worry about users getting the certificate warning, and simply redirect all their HTTPS requests for domain2.com to HTTP?
You can't.
The only way to have a proper redirect without certificate warnings is to have a proper certificate for the domain you want to redirect from.
A redirect is done at the HTTP level, that is, inside the TLS tunnel created by the HTTPS connection. Thus the client first needs to create the TLS connection before it can get the redirect. But creating the TLS connection already results in the certificate issue because the name in the URL and the name in the certificate do not match.
Another way is to move all SSL hosts to one IP address and all other hosts to another IP address. This way the client will not get a certificate warning but will see that there is no HTTPS on this address.
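Why https://domain2.com lands on domain1.com's site and certificate in the question above, shown as an added example that is not part of the original posts: a small parser and name-based vhost selector. The config text and certificate path are constructed, the function names are hypothetical, and IP-specific `<VirtualHost>` addresses are ignored (only the port is compared).

```python
import re
from fnmatch import fnmatch

# Constructed sample config mirroring the question: domain1.com has an HTTPS
# vhost, domain2.com only has a plain-HTTP one.
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName domain1.com
</VirtualHost>
<VirtualHost *:80>
    ServerName domain2.com
    ServerAlias www.domain2.com
</VirtualHost>
<VirtualHost *:443>
    ServerName domain1.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/example/domain1.crt
</VirtualHost>
"""


def parse_vhosts(conf):
    """Return vhosts in file order with port, names and certificate path."""
    vhosts, cur = [], None
    for line in conf.splitlines():
        line = line.strip()
        m = re.match(r"<VirtualHost\s+\S*:(\d+)>", line, re.I)
        if m:
            cur = {"port": int(m.group(1)), "names": [], "cert": None}
        elif line.lower() == "</virtualhost>" and cur is not None:
            vhosts.append(cur)
            cur = None
        elif cur is not None and line and not line.startswith("#"):
            key, _, val = line.partition(" ")
            if key.lower() in ("servername", "serveralias"):
                cur["names"] += val.lower().split()
            elif key.lower() == "sslcertificatefile":
                cur["cert"] = val.strip()
    return vhosts


def select_vhost(vhosts, port, host):
    """First vhost on the port whose name matches, else the first on the port."""
    candidates = [v for v in vhosts if v["port"] == port]
    for v in candidates:
        # ServerAlias may contain wildcards; a plain ServerName matches exactly.
        if any(fnmatch(host.lower(), n) for n in v["names"]):
            return v
    return candidates[0] if candidates else None  # default = first vhost listed
```

Calling `select_vhost(parse_vhosts(SAMPLE_CONF), 443, "domain2.com")` returns the domain1.com vhost, so the client is handed domain1's certificate before any redirect can be sent.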
I have a new Plesk 12 installation. I have configured a domain (example.com) with hosting that also requires wildcard subdomains.
To achieve this I had to create a vhost.conf file with
ServerAlias *.example.com
This works and I can go to anything.example.com with no issue.
I purchased a wildcard SSL certificate for *.example.com and successfully installed it.
If I go to https://example.com, it works perfectly and shows the correct certificate, however if I go to https://anything.example.com it tells me the connection is untrusted, when I view the certificate, it shows the Parallels Plesk self certified certificate and not my purchased certificate.
I created a vhost_ssl.conf with
ServerAlias *.example.com
ServerAlias *.example.com:443
If I add an exception, then I am taken to the correct place, albeit with the incorrect certificate.
Of course I have executed httpdmng --reconfigure-domain example.com and also tried a full reboot.
In summary:
http://example.com - works
http://anything.example.com - works
https://example.com works with my certificate
https://anything.example.com has Parallels certificate but routes to correct page
How about creating the same directive for nginx?
cat /var/www/vhosts/system/domain.tld/conf/vhost_nginx.conf
server_name *.domain.tld;
Actually all this can be done from Plesk GUI: