Apache 2.4 with self-signed certificates always redirect to the default virtual hostBinding domain name to...

Multi tool use
Multi tool use

Improve appearance of the table in Latex

What are the current battlegrounds for people’s “rights” in the UK?

Why is oilcloth made with linseed oil?

Methodology: Writing unit tests for another developer

Why is it easier to balance a non-moving bike standing up than sitting down?

Covering index used despite missing column

What triggered jesuits' ban on infinitesimals in 1632?

Is "Busen" just the area between the breasts?

Rejecting an offer after accepting it just 10 days from date of joining

Extending prime numbers digit by digit while retaining primality

Can the pre-order traversal of two different trees be the same even though they are different?

Too early in the morning to have SODA?

What is the oldest commercial MS-DOS program that can run on modern versions of Windows without third-party software?

A word for delight at someone else's failure?

Is the continuity test limit resistance of a multimeter standard?

In the US, can a former president run again?

Is the specular reflection on a polished gold sphere white or gold in colour?

How do I professionally let my manager know I'll quit over an issue?

Is there a name for the trope when there is a moments dialogue when someone pauses just before they leave the room?

What does it cost to buy a tavern?

Drawing a second weapon as part of an attack?

Am I legally required to provide a (GPL licensed) source code even after a project is abandoned?

What are Elsa's reasons for selecting the Holy Grail on behalf of Donovan?

Subtract the Folded Matrix



Apache 2.4 with self-signed certificates always redirect to the default virtual host


Binding domain name to Apache Virtual host on VPSGenerate a certificate signing request for an SSL serverApache Virtual Host not working on Ubuntu 14.04 LTSMultiple RSA server certificates not allowedApache server does not start on CentOSCannot disable non-SNI accesses to default SSL hostApache 2.2 default virtual host for IP addressApache mod_ssl http to httpsApache2 000-Default VHost won't be choosen by a RequestHow to run apache httpd 2.4.6 with a self-signed certificate signed with an elliptic curve key brainpoolP384t1, on CentOS 7.6?






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}







0















I've been trying to make work virtual hosts with self-signed certificates with Apache 2.4. I've tried many setup combinations but no matter what, every virtual host I try in Firefox goes straight to the default one (after clearing the cache). The only error message I get is in Apache error.log (none of the subdomain virtual host logs have error messages):



`[Mon Jun 17 19:32:48.866641 2019] [ssl:debug] [pid 3084] ssl_engine_kernel.c(2122): [client 192.168.1.100:57956] AH02044: No matching SSL virtual host for servername subdomain.7d.net found (using default/first virtual host)



The current setup is an IP-based virtual hosting (one physical IP address used by the default host and many virtual IP addresses used to many virtual hosts, one-to-one). Before that Apache was using a name-based virtual hosting with just one physical IP address with the same behavior.



Every virtual host is using its own self-signed certificate, before that all virtual hosts were using a single one. No error message has been reported because of an SSL certificate. Every certificate match for its corresponding name. OpenSSL 1.1.0 was used to generate the certificates.



Besides the self-signed certificate Apache is using the Starfield Class 2 Certificate Authority.



There's no DNS server installed, there's just a /etc/hosts file, every IP address and hostname is working perfectly fine.



Apache 2.4.25 is running on Debian Stretch.










share|improve this question

























  • What does apache2ctl -S show you?

    – ivanivan
    1 hour ago


















0















I've been trying to make work virtual hosts with self-signed certificates with Apache 2.4. I've tried many setup combinations but no matter what, every virtual host I try in Firefox goes straight to the default one (after clearing the cache). The only error message I get is in Apache error.log (none of the subdomain virtual host logs have error messages):



`[Mon Jun 17 19:32:48.866641 2019] [ssl:debug] [pid 3084] ssl_engine_kernel.c(2122): [client 192.168.1.100:57956] AH02044: No matching SSL virtual host for servername subdomain.7d.net found (using default/first virtual host)



The current setup is an IP-based virtual hosting (one physical IP address used by the default host and many virtual IP addresses used to many virtual hosts, one-to-one). Before that Apache was using a name-based virtual hosting with just one physical IP address with the same behavior.



Every virtual host is using its own self-signed certificate, before that all virtual hosts were using a single one. No error message has been reported because of an SSL certificate. Every certificate match for its corresponding name. OpenSSL 1.1.0 was used to generate the certificates.



Besides the self-signed certificate Apache is using the Starfield Class 2 Certificate Authority.



There's no DNS server installed, there's just a /etc/hosts file, every IP address and hostname is working perfectly fine.



Apache 2.4.25 is running on Debian Stretch.










share|improve this question

























  • What does apache2ctl -S show you?

    – ivanivan
    1 hour ago














0












0








0








I've been trying to make work virtual hosts with self-signed certificates with Apache 2.4. I've tried many setup combinations but no matter what, every virtual host I try in Firefox goes straight to the default one (after clearing the cache). The only error message I get is in Apache error.log (none of the subdomain virtual host logs have error messages):



`[Mon Jun 17 19:32:48.866641 2019] [ssl:debug] [pid 3084] ssl_engine_kernel.c(2122): [client 192.168.1.100:57956] AH02044: No matching SSL virtual host for servername subdomain.7d.net found (using default/first virtual host)



The current setup is an IP-based virtual hosting (one physical IP address used by the default host and many virtual IP addresses used to many virtual hosts, one-to-one). Before that Apache was using a name-based virtual hosting with just one physical IP address with the same behavior.



Every virtual host is using its own self-signed certificate, before that all virtual hosts were using a single one. No error message has been reported because of an SSL certificate. Every certificate match for its corresponding name. OpenSSL 1.1.0 was used to generate the certificates.



Besides the self-signed certificate Apache is using the Starfield Class 2 Certificate Authority.



There's no DNS server installed, there's just a /etc/hosts file, every IP address and hostname is working perfectly fine.



Apache 2.4.25 is running on Debian Stretch.










share|improve this question
















I've been trying to make work virtual hosts with self-signed certificates with Apache 2.4. I've tried many setup combinations but no matter what, every virtual host I try in Firefox goes straight to the default one (after clearing the cache). The only error message I get is in Apache error.log (none of the subdomain virtual host logs have error messages):



`[Mon Jun 17 19:32:48.866641 2019] [ssl:debug] [pid 3084] ssl_engine_kernel.c(2122): [client 192.168.1.100:57956] AH02044: No matching SSL virtual host for servername subdomain.7d.net found (using default/first virtual host)



The current setup is an IP-based virtual hosting (one physical IP address used by the default host and many virtual IP addresses used to many virtual hosts, one-to-one). Before that Apache was using a name-based virtual hosting with just one physical IP address with the same behavior.



Every virtual host is using its own self-signed certificate, before that all virtual hosts were using a single one. No error message has been reported because of an SSL certificate. Every certificate match for its corresponding name. OpenSSL 1.1.0 was used to generate the certificates.



Besides the self-signed certificate Apache is using the Starfield Class 2 Certificate Authority.



There's no DNS server installed, there's just a /etc/hosts file, every IP address and hostname is working perfectly fine.



Apache 2.4.25 is running on Debian Stretch.







debian apache-httpd openssl ssl apache-virtualhost






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 1 hour ago







abiyi

















asked 1 hour ago









abiyiabiyi

116




116













  • What does apache2ctl -S show you?

    – ivanivan
    1 hour ago



















  • What does apache2ctl -S show you?

    – ivanivan
    1 hour ago

















What does apache2ctl -S show you?

– ivanivan
1 hour ago





What does apache2ctl -S show you?

– ivanivan
1 hour ago










1 Answer
1






active

oldest

votes


















0














"(none of the subdomain virtual host logs have error messages)"



That was (should have been) your clue. :)
There are several (conf) files in play here. I'm guessing you've (basically) omitted the extra/httpd-vhosts.conf. Which defines all/any of your virtual hosts.



version 2.4 has become more modular than it's predecessors. So most of the old methods either don't work, or have been moved.



apache24/httpd.conf holds global configuration, and the primary host/IP stuff.



apache24/extra/httpd-vhosts.conf common Virtual Host definitions.



# PRIMARY (default) Vhost
# Everything is on a SECURE socket. Redirect accordingly

<VirtualHost *:80>
ServerName main-domain.vhost
Redirect permanent / https://main-domain.vhost/
</VirtualHost>
# another Vhost on same IP but with different name
<VirtualHost *:80>
ServerName another-domain.vhost
Redirect permanent / https://another-domain.vhost/
</VirtualHost>

...

####################################################################
#NameVirtualHost *:443
####################################################################
# MAIN Vhost
<VirtualHost *:443>
ServerAdmin me@localhost
DocumentRoot "/usr/local/www/data"
ServerName main-domain.vhost
ServerAlias www.main-domain.vhost

SSLEngine on
SSLCertificateFile "/usr/local/etc/letsencrypt/live/main-domain.vhost/cert.pem"
SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/main-domain.vhost/privkey.pem"
SSLCertificateChainFile "/usr/local/etc/letsencrypt/live/main-domain.vhost/fullchain.pem"
# HSTS (mod_headers is required) (15768000 seconds = 6 months)
# HSTS (mod_headers is required) (7884000 seconds = 3 months)
Header always set Strict-Transport-Security "max-age=15768000"

...

</VirtualHost>

# We now need to include our INDIVIDUAL/ADDITIONAL (V) hosts
# We do so thusly

# They all run on a SSL
Include etc/apache24/extra/hosts/another-domain.vhost.conf

# NOTE above, the .conf files live in a SUBdirectory of the "extra" folder (hosts)




OK Now we go on to the individual Vhosts .conf files



apache24/extra/hosts/*.conf



apache24/extra/hosts/another-domain.vhost.conf

# # # # # # # # # # # # # # # # # # # # # # # #
# # # another-domain.vhost
# # # # # # # # # # # # # # # # # # # # # # # #
<VirtualHost *:443>
ServerAdmin me@localhost
DocumentRoot "/usr/local/www/another-domain.vhost"
ServerName another-domain.vhost
ServerAlias www.another-domain.vhost


SSLEngine on
SSLCertificateFile "/usr/local/etc/letsencrypt/live/another-domain.vhost/cert.pem"
SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/another-domain.vhost/privkey.pem"
SSLCertificateChainFile "/usr/local/etc/letsencrypt/live/another-domain.vhost/fullchain.pem"
# HSTS (mod_headers is required) (15768000 seconds = 6 months)
# HSTS (mod_headers is required) (7884000 seconds = 3 months)
Header always set Strict-Transport-Security "max-age=15768000"

...

</VirtualHost>


That's all the pertinent info required in your file(s) to satisfy apache(2.4). As you can see I'm 1) using "letsencrypt" as my cert provider, and 2) I'm sharing examples from one of my BSD boxes. But that only changes the root of the Apache install path. Everything from apache24 (including the folder apache24 should be identical. So if you follow along, you should be set.



That doesn't guarantee your Certs will pass muster. But that's for a different thread. :)



HTH






share|improve this answer








New contributor



somebody is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.




















    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "106"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f525536%2fapache-2-4-with-self-signed-certificates-always-redirect-to-the-default-virtual%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    "(none of the subdomain virtual host logs have error messages)"



    That was (should have been) your clue. :)
    There are several (conf) files in play here. I'm guessing you've (basically) omitted the extra/httpd-vhosts.conf. Which defines all/any of your virtual hosts.



    version 2.4 has become more modular than it's predecessors. So most of the old methods either don't work, or have been moved.



    apache24/httpd.conf holds global configuration, and the primary host/IP stuff.



    apache24/extra/httpd-vhosts.conf common Virtual Host definitions.



    # PRIMARY (default) Vhost
    # Everything is on a SECURE socket. Redirect accordingly

    <VirtualHost *:80>
    ServerName main-domain.vhost
    Redirect permanent / https://main-domain.vhost/
    </VirtualHost>
    # another Vhost on same IP but with different name
    <VirtualHost *:80>
    ServerName another-domain.vhost
    Redirect permanent / https://another-domain.vhost/
    </VirtualHost>

    ...

    ####################################################################
    #NameVirtualHost *:443
    ####################################################################
    # MAIN Vhost
    <VirtualHost *:443>
    ServerAdmin me@localhost
    DocumentRoot "/usr/local/www/data"
    ServerName main-domain.vhost
    ServerAlias www.main-domain.vhost

    SSLEngine on
    SSLCertificateFile "/usr/local/etc/letsencrypt/live/main-domain.vhost/cert.pem"
    SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/main-domain.vhost/privkey.pem"
    SSLCertificateChainFile "/usr/local/etc/letsencrypt/live/main-domain.vhost/fullchain.pem"
    # HSTS (mod_headers is required) (15768000 seconds = 6 months)
    # HSTS (mod_headers is required) (7884000 seconds = 3 months)
    Header always set Strict-Transport-Security "max-age=15768000"

    ...

    </VirtualHost>

    # We now need to include our INDIVIDUAL/ADDITIONAL (V) hosts
    # We do so thusly

    # They all run on a SSL
    Include etc/apache24/extra/hosts/another-domain.vhost.conf

    # NOTE above, the .conf files live in a SUBdirectory of the "extra" folder (hosts)




    OK Now we go on to the individual Vhosts .conf files



    apache24/extra/hosts/*.conf



    apache24/extra/hosts/another-domain.vhost.conf

    # # # # # # # # # # # # # # # # # # # # # # # #
    # # # another-domain.vhost
    # # # # # # # # # # # # # # # # # # # # # # # #
    <VirtualHost *:443>
    ServerAdmin me@localhost
    DocumentRoot "/usr/local/www/another-domain.vhost"
    ServerName another-domain.vhost
    ServerAlias www.another-domain.vhost


    SSLEngine on
    SSLCertificateFile "/usr/local/etc/letsencrypt/live/another-domain.vhost/cert.pem"
    SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/another-domain.vhost/privkey.pem"
    SSLCertificateChainFile "/usr/local/etc/letsencrypt/live/another-domain.vhost/fullchain.pem"
    # HSTS (mod_headers is required) (15768000 seconds = 6 months)
    # HSTS (mod_headers is required) (7884000 seconds = 3 months)
    Header always set Strict-Transport-Security "max-age=15768000"

    ...

    </VirtualHost>


    That's all the pertinent info required in your file(s) to satisfy apache(2.4). As you can see I'm 1) using "letsencrypt" as my cert provider, and 2) I'm sharing examples from one of my BSD boxes. But that only changes the root of the Apache install path. Everything from apache24 (including the folder apache24 should be identical. So if you follow along, you should be set.



    That doesn't guarantee your Certs will pass muster. But that's for a different thread. :)



    HTH






    share|improve this answer








    New contributor



    somebody is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.
























      0














      "(none of the subdomain virtual host logs have error messages)"



      That was (should have been) your clue. :)
      There are several (conf) files in play here. I'm guessing you've (basically) omitted the extra/httpd-vhosts.conf. Which defines all/any of your virtual hosts.



      version 2.4 has become more modular than it's predecessors. So most of the old methods either don't work, or have been moved.



      apache24/httpd.conf holds global configuration, and the primary host/IP stuff.



      apache24/extra/httpd-vhosts.conf common Virtual Host definitions.



      # PRIMARY (default) Vhost
      # Everything is on a SECURE socket. Redirect accordingly

      <VirtualHost *:80>
      ServerName main-domain.vhost
      Redirect permanent / https://main-domain.vhost/
      </VirtualHost>
      # another Vhost on same IP but with different name
      <VirtualHost *:80>
      ServerName another-domain.vhost
      Redirect permanent / https://another-domain.vhost/
      </VirtualHost>

      ...

      ####################################################################
      #NameVirtualHost *:443
      ####################################################################
      # MAIN Vhost
      <VirtualHost *:443>
      ServerAdmin me@localhost
      DocumentRoot "/usr/local/www/data"
      ServerName main-domain.vhost
      ServerAlias www.main-domain.vhost

      SSLEngine on
      SSLCertificateFile "/usr/local/etc/letsencrypt/live/main-domain.vhost/cert.pem"
      SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/main-domain.vhost/privkey.pem"
      SSLCertificateChainFile "/usr/local/etc/letsencrypt/live/main-domain.vhost/fullchain.pem"
      # HSTS (mod_headers is required) (15768000 seconds = 6 months)
      # HSTS (mod_headers is required) (7884000 seconds = 3 months)
      Header always set Strict-Transport-Security "max-age=15768000"

      ...

      </VirtualHost>

      # We now need to include our INDIVIDUAL/ADDITIONAL (V) hosts
      # We do so thusly

      # They all run on a SSL
      Include etc/apache24/extra/hosts/another-domain.vhost.conf

      # NOTE above, the .conf files live in a SUBdirectory of the "extra" folder (hosts)




      OK Now we go on to the individual Vhosts .conf files



      apache24/extra/hosts/*.conf



      apache24/extra/hosts/another-domain.vhost.conf

      # # # # # # # # # # # # # # # # # # # # # # # #
      # # # another-domain.vhost
      # # # # # # # # # # # # # # # # # # # # # # # #
      <VirtualHost *:443>
      ServerAdmin me@localhost
      DocumentRoot "/usr/local/www/another-domain.vhost"
      ServerName another-domain.vhost
      ServerAlias www.another-domain.vhost


      SSLEngine on
      SSLCertificateFile "/usr/local/etc/letsencrypt/live/another-domain.vhost/cert.pem"
      SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/another-domain.vhost/privkey.pem"
      SSLCertificateChainFile "/usr/local/etc/letsencrypt/live/another-domain.vhost/fullchain.pem"
      # HSTS (mod_headers is required) (15768000 seconds = 6 months)
      # HSTS (mod_headers is required) (7884000 seconds = 3 months)
      Header always set Strict-Transport-Security "max-age=15768000"

      ...

      </VirtualHost>


      That's all the pertinent info required in your file(s) to satisfy apache(2.4). As you can see I'm 1) using "letsencrypt" as my cert provider, and 2) I'm sharing examples from one of my BSD boxes. But that only changes the root of the Apache install path. Everything from apache24 (including the folder apache24 should be identical. So if you follow along, you should be set.



      That doesn't guarantee your Certs will pass muster. But that's for a different thread. :)



      HTH






      share|improve this answer








      New contributor



      somebody is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






















        0












        0








        0







        "(none of the subdomain virtual host logs have error messages)"



        That was (should have been) your clue. :)
        There are several (conf) files in play here. I'm guessing you've (basically) omitted the extra/httpd-vhosts.conf. Which defines all/any of your virtual hosts.



        version 2.4 has become more modular than it's predecessors. So most of the old methods either don't work, or have been moved.



        apache24/httpd.conf holds global configuration, and the primary host/IP stuff.



        apache24/extra/httpd-vhosts.conf common Virtual Host definitions.



        # PRIMARY (default) Vhost
        # Everything is on a SECURE socket. Redirect accordingly

        <VirtualHost *:80>
        ServerName main-domain.vhost
        Redirect permanent / https://main-domain.vhost/
        </VirtualHost>
        # another Vhost on same IP but with different name
        <VirtualHost *:80>
        ServerName another-domain.vhost
        Redirect permanent / https://another-domain.vhost/
        </VirtualHost>

        ...

        ####################################################################
        #NameVirtualHost *:443
        ####################################################################
        # MAIN Vhost
        <VirtualHost *:443>
        ServerAdmin me@localhost
        DocumentRoot "/usr/local/www/data"
        ServerName main-domain.vhost
        ServerAlias www.main-domain.vhost

        SSLEngine on
        SSLCertificateFile "/usr/local/etc/letsencrypt/live/main-domain.vhost/cert.pem"
        SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/main-domain.vhost/privkey.pem"
        SSLCertificateChainFile "/usr/local/etc/letsencrypt/live/main-domain.vhost/fullchain.pem"
        # HSTS (mod_headers is required) (15768000 seconds = 6 months)
        # HSTS (mod_headers is required) (7884000 seconds = 3 months)
        Header always set Strict-Transport-Security "max-age=15768000"

        ...

        </VirtualHost>

        # We now need to include our INDIVIDUAL/ADDITIONAL (V) hosts
        # We do so thusly

        # They all run on a SSL
        Include etc/apache24/extra/hosts/another-domain.vhost.conf

        # NOTE above, the .conf files live in a SUBdirectory of the "extra" folder (hosts)




        OK Now we go on to the individual Vhosts .conf files



        apache24/extra/hosts/*.conf



        apache24/extra/hosts/another-domain.vhost.conf

        # # # # # # # # # # # # # # # # # # # # # # # #
        # # # another-domain.vhost
        # # # # # # # # # # # # # # # # # # # # # # # #
        <VirtualHost *:443>
        ServerAdmin me@localhost
        DocumentRoot "/usr/local/www/another-domain.vhost"
        ServerName another-domain.vhost
        ServerAlias www.another-domain.vhost


        SSLEngine on
        SSLCertificateFile "/usr/local/etc/letsencrypt/live/another-domain.vhost/cert.pem"
        SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/another-domain.vhost/privkey.pem"
        SSLCertificateChainFile "/usr/local/etc/letsencrypt/live/another-domain.vhost/fullchain.pem"
        # HSTS (mod_headers is required) (15768000 seconds = 6 months)
        # HSTS (mod_headers is required) (7884000 seconds = 3 months)
        Header always set Strict-Transport-Security "max-age=15768000"

        ...

        </VirtualHost>


        That's all the pertinent info required in your file(s) to satisfy apache(2.4). As you can see I'm 1) using "letsencrypt" as my cert provider, and 2) I'm sharing examples from one of my BSD boxes. But that only changes the root of the Apache install path. Everything from apache24 (including the folder apache24 should be identical. So if you follow along, you should be set.



        That doesn't guarantee your Certs will pass muster. But that's for a different thread. :)



        HTH






        share|improve this answer








        New contributor



        somebody is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.









        "(none of the subdomain virtual host logs have error messages)"



        That was (should have been) your clue. :)
        There are several (conf) files in play here. I'm guessing you've (basically) omitted the extra/httpd-vhosts.conf. Which defines all/any of your virtual hosts.



        version 2.4 has become more modular than it's predecessors. So most of the old methods either don't work, or have been moved.



        apache24/httpd.conf holds global configuration, and the primary host/IP stuff.



        apache24/extra/httpd-vhosts.conf common Virtual Host definitions.



        # PRIMARY (default) Vhost
        # Everything is on a SECURE socket. Redirect accordingly

        <VirtualHost *:80>
        ServerName main-domain.vhost
        Redirect permanent / https://main-domain.vhost/
        </VirtualHost>
        # another Vhost on same IP but with different name
        <VirtualHost *:80>
        ServerName another-domain.vhost
        Redirect permanent / https://another-domain.vhost/
        </VirtualHost>

        ...

        ####################################################################
        #NameVirtualHost *:443
        ####################################################################
        # MAIN Vhost
        <VirtualHost *:443>
        ServerAdmin me@localhost
        DocumentRoot "/usr/local/www/data"
        ServerName main-domain.vhost
        ServerAlias www.main-domain.vhost

        SSLEngine on
        SSLCertificateFile "/usr/local/etc/letsencrypt/live/main-domain.vhost/cert.pem"
        SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/main-domain.vhost/privkey.pem"
        SSLCertificateChainFile "/usr/local/etc/letsencrypt/live/main-domain.vhost/fullchain.pem"
        # HSTS (mod_headers is required) (15768000 seconds = 6 months)
        # HSTS (mod_headers is required) (7884000 seconds = 3 months)
        Header always set Strict-Transport-Security "max-age=15768000"

        ...

        </VirtualHost>

        # We now need to include our INDIVIDUAL/ADDITIONAL (V) hosts
        # We do so thusly

        # They all run on a SSL
        Include etc/apache24/extra/hosts/another-domain.vhost.conf

        # NOTE above, the .conf files live in a SUBdirectory of the "extra" folder (hosts)




        OK Now we go on to the individual Vhosts .conf files



        apache24/extra/hosts/*.conf



        apache24/extra/hosts/another-domain.vhost.conf

        # # # # # # # # # # # # # # # # # # # # # # # #
        # # # another-domain.vhost
        # # # # # # # # # # # # # # # # # # # # # # # #
        <VirtualHost *:443>
        ServerAdmin me@localhost
        DocumentRoot "/usr/local/www/another-domain.vhost"
        ServerName another-domain.vhost
        ServerAlias www.another-domain.vhost


        SSLEngine on
        SSLCertificateFile "/usr/local/etc/letsencrypt/live/another-domain.vhost/cert.pem"
        SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/another-domain.vhost/privkey.pem"
        SSLCertificateChainFile "/usr/local/etc/letsencrypt/live/another-domain.vhost/fullchain.pem"
        # HSTS (mod_headers is required) (15768000 seconds = 6 months)
        # HSTS (mod_headers is required) (7884000 seconds = 3 months)
        Header always set Strict-Transport-Security "max-age=15768000"

        ...

        </VirtualHost>


        That's all the pertinent info required in your file(s) to satisfy apache(2.4). As you can see I'm 1) using "letsencrypt" as my cert provider, and 2) I'm sharing examples from one of my BSD boxes. But that only changes the root of the Apache install path. Everything from apache24 (including the folder apache24 should be identical. So if you follow along, you should be set.



        That doesn't guarantee your Certs will pass muster. But that's for a different thread. :)



        HTH







        share|improve this answer








        New contributor



        somebody is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.








        share|improve this answer



        share|improve this answer






        New contributor



        somebody is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.








        answered 11 mins ago









        somebodysomebody

        1644




        1644




        New contributor



        somebody is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.




        New contributor




        somebody is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.
































            draft saved

            draft discarded




















































            Thanks for contributing an answer to Unix & Linux Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f525536%2fapache-2-4-with-self-signed-certificates-always-redirect-to-the-default-virtual%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            mC63TCekeYj0ZcdyOIDauj0U,EFYDAbr2SOo,k8b9DqbkZ
            JTDZ w3q,nBTVIDcSk1EBBEr7N1hdl2biIFS4pSd7eBRP02ADRhQbCgow56AYPny7yjHObZF4QgUW,DyE90wkgjVmDN44sVqLKBs,7

            Popular posts from this blog

            Taj Mahal Inhaltsverzeichnis Aufbau | Geschichte | 350-Jahr-Feier | Heutige Bedeutung | Siehe auch |...

            Baia Sprie Cuprins Etimologie | Istorie | Demografie | Politică și administrație | Arii naturale...

            Nicolae Petrescu-Găină Cuprins Biografie | Opera | In memoriam | Varia | Controverse, incertitudini...