I have a very strange situation I need to solve using Apache and PHP, which is related to SSL and SNI so I’m asking in this forum. This has nothing to do with Lets Encrypt in general, but I figured here in this forum are lots of people who know about webserver SSL configuration so I might be able to get an answer there. I hope that is allowed.
I am making a web server for existing (proprietary) clients to access, so I cannot modify the clients at all. The client has an interesting bug: It sends the “Host:” header twice, with the exact same domain inside it. I worked around that by configuring Apache like this:
ServerName "my-weird-domain.com, my-weird-domain.com"
and now the weird requests using the two headers correctly work.
The client doesn’t support SNI (which is kinda stupid but well, now wasting a single IP on that service), but other than that, everything worked.
Now the client got an update. It now supports SNI. Hey, great, no longer a second IP needed.
That comes with another problem though: It still sends the duplicate host header. That means, Apache is spitting out this error:
[Sat Nov 10 16:09:48.039323 2018] [ssl:error] [pid 9104] AH02032: Hostname my-weird-domain.com provided via SNI and hostname my-weird-domain.com, my-weird-domain.com provided via HTTP are different
Now I have two goals:
First, make Apache ignore the fact that these two things don’t match, so the updated client can connect to my web service as well.
Second, if possible, I’d like to know (from within my PHP script on that domain) if a client is version 1 or 2, i.e., if it used SNI to connect to Apache or not.
Unfortunately, when I google for that error, I always get “yeah it’s a client error not a server bug” - I know it is a client error but I can’t modify the client, I need to work around that on the server somehow. And I need to know if a client is version 1 or version 2, so the PHP script needs to know if SNI was used or not, but if I search for Apache and SNI, I always get info on how to set up a vhost with SNI, which is not what I need.
As said earlier, nothing to do with Lets Encrypt, but I hope one of the guys here will still be able to help me out with this.