000-default-le-ssl.conf not working for 2 domains

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: abc.com xyz.org ** these are not the actual names

My web server is (include version): apache

The operating system my web server runs on is (include version): ubuntu 18.04.4

My hosting provider, if applicable, is: single server on my home network.

I can login to a root shell on my machine (yes or no, or I don’t know): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot-auto 1.5.0

sudo apachectl -S
notrealuser@Ubuntu11:/etc/apache2/sites-enabled$ sudo apachectl -S
[Thu Jul 02 13:16:05.108106 2020] [so:warn] [pid 3073] AH01574: module php7_module is already loaded, skipping
VirtualHost configuration:
*:80 is a NameVirtualHost
default server abc.com (/etc/apache2/sites-enabled/000-default-le-ssl-le-ssl.conf:2)
port 80 namevhost abc.com (/etc/apache2/sites-enabled/000-default-le-ssl-le-ssl.conf:2)
alias www.abc.com
port 80 namevhost xyz.org (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
alias www.xyz.org
port 80 namevhost abc.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:44)
alias www.abc.com
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

000-default-le-ssl.conf:

ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

ServerName xyz.org
ServerAlias www.xyz.org
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/xyz.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/xyz.org/privkey.pem

RewriteEngine on
RewriteCond %{SERVER_NAME} =xyz.org [OR]
RewriteCond %{SERVER_NAME} =www.xyz.org
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName abc.com
ServerAlias www.abc.com
DocumentRoot /var/www/abc.com/html
RewriteEngine on
RewriteCond %{SERVER_NAME} =abc.com [OR]
RewriteCond %{SERVER_NAME} =www.abc.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

000-default-le-ssl-le-ssl.conf:

ServerAdmin webmaster@localhost
ServerName abc.com
ServerAlias www.abc.com
DocumentRoot /var/www/abc.com/html

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/abc.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/abc.com/privkey.pem

When I enter abc.com in my browser it works correctly.

When I enter xyz.org in my browser it redirects to abc.com and shows cert not valid because it’s xyz.org cert.

This makes no sense.
It should either fail before it redirects or is redirecting to a name that is serving a cert that doesn't match.
But that contradicts:

It is not easy to help without names.
As you see, you are not getting a lot of response to your post.
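
A check over the `apachectl -S` dump posted at the top of this thread, as an added example that is not part of the original posts: it lists hostnames declared by more than one vhost on the same port and hostnames that have no vhost on port 443. `SAMPLE` reproduces the vhost lines from the post (with its placeholder domains); `parse_vhosts` and `audit` are names made up for this example.

```python
import re
from collections import defaultdict

# Vhost lines copied from the `apachectl -S` output in the post
# (abc.com / xyz.org are the poster's placeholder names).
SAMPLE = """\
*:80 is a NameVirtualHost
default server abc.com (/etc/apache2/sites-enabled/000-default-le-ssl-le-ssl.conf:2)
port 80 namevhost abc.com (/etc/apache2/sites-enabled/000-default-le-ssl-le-ssl.conf:2)
alias www.abc.com
port 80 namevhost xyz.org (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
alias www.xyz.org
port 80 namevhost abc.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:44)
alias www.abc.com
"""

# "port N namevhost NAME (FILE:LINE)" is the multi-vhost form; a lone vhost
# on an address is printed as "ADDR:N NAME (FILE:LINE)".
VHOST = re.compile(r"^\s*port (\d+) namevhost (\S+) \((.+):(\d+)\)\s*$")
SINGLE = re.compile(r"^\s*\S+:(\d+)\s+(\S+) \((.+):(\d+)\)\s*$")
ALIAS = re.compile(r"^\s*alias (\S+)\s*$")

def parse_vhosts(dump):
    """Return [(port, [names], file, line)] parsed from `apachectl -S` text."""
    vhosts = []
    for raw in dump.splitlines():
        m = VHOST.match(raw) or SINGLE.match(raw)
        if m:
            vhosts.append((int(m.group(1)), [m.group(2)], m.group(3), int(m.group(4))))
        elif vhosts and (a := ALIAS.match(raw)):
            vhosts[-1][1].append(a.group(1))  # alias belongs to the vhost above it
    return vhosts

def audit(dump, tls_port=443):
    """Flag names declared twice on one port and names with no TLS vhost."""
    seen = defaultdict(list)
    for port, names, path, line in parse_vhosts(dump):
        for name in names:
            seen[(port, name)].append(f"{path}:{line}")
    # Apache serves the first matching vhost; later duplicates are never used.
    findings = [("duplicate", name, port, where)
                for (port, name), where in sorted(seen.items()) if len(where) > 1]
    for name in sorted({n for _, n in seen}):
        if (tls_port, name) not in seen:
            findings.append(("no-tls-vhost", name, tls_port, []))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
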
