I am using Certbot to generate Let's Encrypt certs for two sites. The first site (terranforge.com) received a self-signed certificate. The second site (ignisferrum.com) worked as intended.
My domain is:
ignisferrum.com & terranforge.com
I ran this command:
certbot-2 --apache -d ignisferrum.com
certbot-2 --apache -d terranforge.com
It produced this output:
terranforge.com : https://pastebin.com/93cRdJ4L
ignisferrum.com : https://pastebin.com/s8hB8t8G
My web server is (include version):
httpd-2.4.6-90.el7.centos.x86_64
The operating system my web server runs on is (include version):
CentOS 7 - 3.10.0-1062.18.1.el7.x86_64
My hosting provider, if applicable, is:
name.com for DNS
Linode for Server Hosting
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes. Standard SSH port, IP-restricted, Pubkey only.
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No.
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 1.3.0
Apache Re-direct & VHost Rules
#####################
# DENY BY DIRECT IP #
#####################
<VirtualHost *:80>
ServerName 45.56.116.234
Redirect 403 /
ErrorDocument 403 "Sorry, direct IP access not allowed."
ServerAdmin striker@terranforge.com
UseCanonicalName Off
UserDir disabled
</VirtualHost>
###################
# TERRANFORGE.COM #
###################
<VirtualHost *:80>
ServerName terranforge.com
ServerAlias terranforge.com
ServerAdmin striker@terranforge.com
DocumentRoot "/var/www/terranforge.com"
RewriteEngine on
RewriteCond %{SERVER_NAME} =terranforge.com [OR]
RewriteCond %{SERVER_NAME} =www.terranforge.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<Directory "/var/www/terranforge.com">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
###################
# IGNISFERRUM.COM #
###################
<VirtualHost *:80>
ServerName ignisferrum.com
ServerAlias ignisferrum.com
ServerAdmin striker@terranforge.com
DocumentRoot "/var/www/ignisferrum.com"
RewriteEngine on
RewriteCond %{SERVER_NAME} =ignisferrum.com [OR]
RewriteCond %{SERVER_NAME} =www.ignisferrum.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<Directory "/var/www/ignisferrum.com">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
############################
# LETSENCRYPT STUFF! #
############################
Include /etc/httpd/conf/httpd-le-ssl.conf
Hi @striker
so your shared configuration doesn't work as intended.
What does the following command say?
apachectl -S
[root@terranforge ~]# apachectl -S
[root@terranforge ~]#
CentOS -> httpd instead of apachectl.
[root@terranforge conf]# httpd -S
[Sun Apr 19 09:15:04.297403 2020] [so:warn] [pid 12723] AH01574: module rewrite_module is already loaded, skipping
VirtualHost configuration:
*:80 is a NameVirtualHost
default server 45.56.116.234 (/etc/httpd/conf/httpd.conf:84)
port 80 namevhost 45.56.116.234 (/etc/httpd/conf/httpd.conf:84)
port 80 namevhost terranforge.com (/etc/httpd/conf/httpd.conf:97)
alias terranforge.com
port 80 namevhost www.terranforge.com (/etc/httpd/conf/httpd.conf:107)
port 80 namevhost ignisferrum.com (/etc/httpd/conf/httpd.conf:122)
alias ignisferrum.com
port 80 namevhost www.ignisferrum.com (/etc/httpd/conf/httpd.conf:132)
*:443 is a NameVirtualHost
default server terranforge.com (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost terranforge.com (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost terranforge.com (/etc/httpd/conf/httpd-le-ssl.conf:2)
alias terranforge.com
port 443 namevhost ignisferrum.com (/etc/httpd/conf/httpd-le-ssl.conf:18)
alias ignisferrum.com
port 443 namevhost www.ignisferrum.com (/etc/httpd/conf/httpd-le-ssl.conf:34)
port 443 namevhost www.terranforge.com (/etc/httpd/conf/httpd-le-ssl.conf:44)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex ssl-stapling: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: _RH_HAS_HTTPPROTOCOLOPTIONS
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48
There
port 80 namevhost name alias same name
is duplicated. Remove these duplicated definitions.
Duplicated definitions, every combination of port and domain name must be unique.
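The uniqueness check described in the reply above, as an added example that is not part of the original thread: a Python function that parses `httpd -S` output and reports every port/name pair claimed by more than one VirtualHost, plus ServerAlias entries that only repeat the ServerName. The function name `audit_vhosts` is hypothetical, and the sample is an excerpt of the output posted in this thread.

```python
import re
from collections import defaultdict

# Excerpt of the `httpd -S` output posted in this thread.
SAMPLE = """\
*:80 is a NameVirtualHost
default server 45.56.116.234 (/etc/httpd/conf/httpd.conf:84)
port 80 namevhost 45.56.116.234 (/etc/httpd/conf/httpd.conf:84)
port 80 namevhost terranforge.com (/etc/httpd/conf/httpd.conf:97)
alias terranforge.com
*:443 is a NameVirtualHost
default server terranforge.com (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost terranforge.com (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost terranforge.com (/etc/httpd/conf/httpd-le-ssl.conf:2)
alias terranforge.com
port 443 namevhost ignisferrum.com (/etc/httpd/conf/httpd-le-ssl.conf:18)
alias ignisferrum.com
"""

VHOST = re.compile(r"port\s+(\d+)\s+namevhost\s+(\S+)\s+\((.+):(\d+)\)")
ALIAS = re.compile(r"alias\s+(\S+)")


def audit_vhosts(dump):
    """Return (duplicates, redundant_aliases) for `httpd -S` output."""
    seen = defaultdict(list)   # (port, name) -> every file:line claiming it
    redundant = []             # vhosts whose alias repeats their ServerName
    current = None             # vhost that following alias lines belong to
    for raw in dump.splitlines():
        line = raw.strip()
        m = VHOST.match(line)
        if m:
            port, name, path, lineno = m.groups()
            current = (int(port), name.lower(), f"{path}:{lineno}")
            seen[current[:2]].append(current[2])
            continue
        m = ALIAS.match(line)
        if m and current:
            alias = m.group(1).lower()
            if alias == current[1]:
                redundant.append(current)
            else:
                seen[(current[0], alias)].append(current[2])
    # A name claimed twice on one port: only the first listed vhost serves it.
    duplicates = {k: v for k, v in seen.items() if len(v) > 1}
    return duplicates, redundant

if __name__ == "__main__":
    print(audit_vhosts(SAMPLE))
```

On a live server, pass it the captured text of `httpd -S` (or `apachectl -S` on other distributions) instead of `SAMPLE`.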
Thanks for the command. I think I see the issue. HTTPS is loading /etc/httpd/conf.d/ssl.conf instead of /etc/httpd/conf/httpd-le-ssl.conf.
Thanks for your help. By commenting out the VirtualHost within /etc/httpd/conf.d/ssl.conf, I was able to resolve the issue. Apache was mixing up the default host with the server’s hostname and what was listed between both SSL configurations.
My re-directs are also working, however I had to recall certbot for Alternative Names:
certbot-2 --apache -d ignisferrum.com,www.ignisferrum.com
certbot-2 --apache -d terranforge.com,www.terranforge.com
My re-directs are working as below:
http://www.ignisferrum.com/ > https://ignisferrum.com
http://ignisferrum.com/ > https://ignisferrum.com
https://www.ignisferrum.com > https://ignisferrum.com
http://www.terranforge.com/ > https://terranforge.com
http://terranforge.com/ > https://terranforge.com
https://www.terranforge.com > https://terranforge.com
Thanks again for your help.