Apache 2.4 with self-signed certificates always redirect to the default virtual host
I've been trying to make virtual hosts work with self-signed certificates with Apache 2.4. I've tried many setup combinations but no matter what, every virtual host I try in Firefox goes straight to the default one (after clearing the cache). The only error message I get is in Apache error.log (none of the subdomain virtual host logs have error messages):
```
[Mon Jun 17 19:32:48.866641 2019] [ssl:debug] [pid 3084] ssl_engine_kernel.c(2122): [client 192.168.1.100:57956] AH02044: No matching SSL virtual host for servername subdomain.7d.net found (using default/first virtual host)
```
The current setup is IP-based virtual hosting (one physical IP address used by the default host and many virtual IP addresses used by many virtual hosts, one-to-one). Before that, Apache was using name-based virtual hosting with just one physical IP address, with the same behavior.
Every virtual host is using its own self-signed certificate; before that, all virtual hosts were using a single one. No error message has been reported because of an SSL certificate. Every certificate matches its corresponding name. OpenSSL 1.1.0 was used to generate the certificates.
Besides the self-signed certificate, Apache is using the Starfield Class 2 Certificate Authority.
There's no DNS server installed; there's just an /etc/hosts file. Every IP address and hostname is working perfectly fine.
Apache 2.4.25 is running on Debian Stretch.
debian apache-httpd openssl ssl apache-virtualhost
asked 1 hour ago by abiyi (edited 1 hour ago)
What does `apache2ctl -S` show you?
– ivanivan
1 hour ago
1 Answer
"(none of the subdomain virtual host logs have error messages)"
That was (should have been) your clue. :)
There are several (conf) files in play here. I'm guessing you've (basically) omitted the `extra/httpd-vhosts.conf`, which defines all/any of your virtual hosts.
Version 2.4 has become more modular than its predecessors. So most of the old methods either don't work, or have been moved.
`apache24/httpd.conf` holds global configuration, and the primary host/IP stuff.
`apache24/extra/httpd-vhosts.conf` common Virtual Host definitions.
```apache
# PRIMARY (default) Vhost
# Everything is on a SECURE socket. Redirect accordingly
<VirtualHost *:80>
    ServerName main-domain.vhost
    Redirect permanent / https://main-domain.vhost/
</VirtualHost>
# another Vhost on same IP but with different name
<VirtualHost *:80>
    ServerName another-domain.vhost
    Redirect permanent / https://another-domain.vhost/
</VirtualHost>
# ...
####################################################################
#NameVirtualHost *:443
####################################################################
# MAIN Vhost
<VirtualHost *:443>
    ServerAdmin me@localhost
    DocumentRoot "/usr/local/www/data"
    ServerName main-domain.vhost
    ServerAlias www.main-domain.vhost
    SSLEngine on
    SSLCertificateFile "/usr/local/etc/letsencrypt/live/main-domain.vhost/cert.pem"
    SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/main-domain.vhost/privkey.pem"
    SSLCertificateChainFile "/usr/local/etc/letsencrypt/live/main-domain.vhost/fullchain.pem"
    # HSTS (mod_headers is required) (15768000 seconds = 6 months)
    # HSTS (mod_headers is required) (7884000 seconds = 3 months)
    Header always set Strict-Transport-Security "max-age=15768000"
    # ...
</VirtualHost>
# We now need to include our INDIVIDUAL/ADDITIONAL (V) hosts
# We do so thusly
# They all run on a SSL
Include etc/apache24/extra/hosts/another-domain.vhost.conf
# NOTE above, the .conf files live in a SUBdirectory of the "extra" folder (hosts)
```
OK. Now we go on to the individual Vhosts `.conf` files
`apache24/extra/hosts/*.conf`
`apache24/extra/hosts/another-domain.vhost.conf`
```apache
# # # # # # # # # # # # # # # # # # # # # # # #
# # # another-domain.vhost
# # # # # # # # # # # # # # # # # # # # # # # #
<VirtualHost *:443>
    ServerAdmin me@localhost
    DocumentRoot "/usr/local/www/another-domain.vhost"
    ServerName another-domain.vhost
    ServerAlias www.another-domain.vhost
    SSLEngine on
    SSLCertificateFile "/usr/local/etc/letsencrypt/live/another-domain.vhost/cert.pem"
    SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/another-domain.vhost/privkey.pem"
    SSLCertificateChainFile "/usr/local/etc/letsencrypt/live/another-domain.vhost/fullchain.pem"
    # HSTS (mod_headers is required) (15768000 seconds = 6 months)
    # HSTS (mod_headers is required) (7884000 seconds = 3 months)
    Header always set Strict-Transport-Security "max-age=15768000"
    # ...
</VirtualHost>
```
That's all the pertinent info required in your file(s) to satisfy apache(2.4). As you can see I'm 1) using "letsencrypt" as my cert provider, and 2) I'm sharing examples from one of my BSD boxes. But that only changes the root of the Apache install path. Everything from `apache24` (including the folder `apache24`) should be identical. So if you follow along, you should be set.
That doesn't guarantee your Certs will pass muster. But that's for a different thread. :)
HTH
answered 11 mins ago by somebody
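A way to act on the `apache2ctl -S` question from the comment, as an added example that is not part of the question or the answer: the function below reads a vhost dump and reports which virtual host on a given listener answers for a client server name, or that the request falls through to the default/first vhost as in the AH02044 log line. The dump, its file paths, the host `other.7d.net`, the address `192.168.1.20` and the function names `sample_vhost_dump` and `match_vhost` are constructed for illustration; wildcard aliases are not handled.

```shell
#!/bin/sh
# Added example: resolve a TLS server name against `apache2ctl -S` output.

# Constructed sample in the layout that `apache2ctl -S` prints.
# It is not the dump from the asker's server.
sample_vhost_dump() {
cat <<'EOF'
VirtualHost configuration:
192.168.1.20:443       other.7d.net (/etc/apache2/sites-enabled/other.conf:1)
*:443                  is a NameVirtualHost
         default server main-domain.vhost (/etc/apache2/sites-enabled/main-ssl.conf:1)
         port 443 namevhost main-domain.vhost (/etc/apache2/sites-enabled/main-ssl.conf:1)
                 alias www.main-domain.vhost
         port 443 namevhost another-domain.vhost (/etc/apache2/sites-enabled/another-ssl.conf:1)
                 alias www.another-domain.vhost
*:80                   is a NameVirtualHost
         default server main-domain.vhost (/etc/apache2/sites-enabled/redirects.conf:1)
         port 80 namevhost main-domain.vhost (/etc/apache2/sites-enabled/redirects.conf:1)
         port 80 namevhost another-domain.vhost (/etc/apache2/sites-enabled/redirects.conf:5)
EOF
}

# match_vhost NAME LISTENER   (dump on stdin)
#   NAME     server name the client asks for (SNI / Host), compared case-insensitively
#   LISTENER address:port exactly as shown in the dump, e.g. '*:443'
# Prints "match <file:line>" and returns 0 when a ServerName or alias equals NAME,
# otherwise prints "default <file:line>" (the vhost that will answer) and returns 1.
match_vhost() {
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" -v listen="$2" '
        # "addr:port  name (file:line)": a single vhost owns this address
        $1 == listen && $2 != "is" {
            dflt = $3
            if (tolower($2) == want) hit = $3
            ingroup = 0; next
        }
        # "addr:port  is a NameVirtualHost": start of a name-based group
        $1 == listen && $2 == "is" { ingroup = 1; next }
        # any other address line ends the group we care about
        $1 ~ /:[0-9]+$/ { ingroup = 0; next }
        ingroup && $1 == "default" && $2 == "server" { dflt = $4; next }
        ingroup && $1 == "port" && $3 == "namevhost" {
            cur = $5
            if (hit == "" && tolower($4) == want) hit = cur
            next
        }
        ingroup && $1 == "alias" {
            if (hit == "" && tolower($2) == want) hit = cur
            next
        }
        END {
            gsub(/[()]/, "", hit); gsub(/[()]/, "", dflt)
            if (hit != "") { print "match " hit; exit 0 }
            print "default " dflt; exit 1
        }'
}

# Demo on the constructed dump: one name that is configured, one that is not.
for name in another-domain.vhost subdomain.7d.net; do
    printf '%s -> ' "$name"
    sample_vhost_dump | match_vhost "$name" '*:443' || true
done
```

On a live server, feed it the real dump instead: `apache2ctl -S 2>&1 | match_vhost subdomain.7d.net '*:443'`.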