Configuration | apache server / SNI


#1

Hi,
I'm setting up my multi-domain VDS vhosts.
(1 webroot / 1 IP)
As Apache has been built from source, I create my certs with
certbot certonly …

And now I'm trying to set up Apache's configuration file,
but as soon as I try my new conf, Apache stops answering on :80 and doesn't reply on :443; I have no message in error.log
and configtest succeeds.

I tried many tests without success.

This was my last test:

httpd.conf

Listen 80
ServerName vds88.hiwit.net:80
…
Include conf/extra/httpd-vhosts.conf
Include conf/extra/httpd-ssl.conf

extra/httpd-vhosts.conf

NameVirtualHost 88.88.88.88
<VirtualHost 88.88.88.88>
	SuexecUserGroup vpopmail vchkpw
	DocumentRoot /home/hiwit/www
	ServerName vds88.hiwit.net
	AddHandler application/x-httpd-php55 .php
	ScriptAlias /cgi-bin/ /home/hiwit/cgi-bin/
	Redirect /cgi-bin/qmailadmin http://vds88.hiwit.net/cgi-bin/qmailadmin.cgi
</VirtualHost>


# Include the virtual host configurations:
Include /usr/local/apache2/conf/sitesup/
Include /usr/local/apache2/conf/sitesssl/

extra/httpd-ssl.conf
Listen 88.88.88.88:443
NameVirtualHost 88.88.88.88:443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin

SSLSessionCache        "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

SSLMutex  "file:/usr/local/apache2/logs/ssl_mutex"

SSLStrictSNIVHostCheck off

SSLProtocol all -SSLv2 -SSLv3 -TLSv1
SSLHonorCipherOrder On
SSLCipherSuite          ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS

sitesup/domain1, sitesup/domain2

<VirtualHost 88.88.88.88:80>
	SuexecUserGroup site999 users
	ServerAdmin postmaster@domain1.com
	ServerName www.domain1.com
	DocumentRoot /home/site999/web
	ServerAlias *.domain1.com domain1.com
	RewriteEngine on
	[…]
</Virtualhost>

sitesssl/domain1, sitesssl/domain2

<VirtualHost 88.88.88.88:443>
	SuexecUserGroup site999 users
	ServerAdmin postmaster@domain1.com
	ServerName www.domain1.com
	DocumentRoot /home/site999/web
	ServerAlias *.domain1.com domain1.com

	SSLEngine on
	SSLCertificateFile      /etc/letsencrypt/live/domain1.com/chain.pem
	SSLCertificateChainFile /etc/letsencrypt/live/domain1.com/chain.pem
	SSLCertificateKeyFile   /etc/letsencrypt/live/maceinturecuir.com/privkey.pem
	RewriteEngine on
	[…]
</Virtualhost>

Of course I modified some information, such as the IP.

Can you see my mistake?

(Apache 2.2, OpenSSL 1.0f)


#2

With the changes you have made in the configs it's difficult to be certain.

For the domain vds88.hiwit.net this does listen on both port 80 and 443 - however you do have redirects; also it's not using the Let's Encrypt certificate (but it does have a valid certificate).

What do you want to achieve?


#3

Thanks for your answer and your help.

Let me know if I can give you any more detail to help understand the situation.
I didn't want to publish the complete conf files.

About vds88.hiwit.net:
hiwit.net is the hosting company,
&
vds88.hiwit.net points to my VDS,
but in fact it isn't used for the public.

What are used for the public are domain1, domain2, …
Each of those domains gets

  • a separate conf file in both sitesup/ and sitesssl/
  • a valid Let's Encrypt certificate made by certbot certonly …

So what I want is a server replying for each domain (domain1, domain2, …)
on both protocols, HTTP and HTTPS.


#4

Are you happy to post your actual files (rather than edited ones)? pastebin.com is probably easier.

I'm not sure if the changes to lines like

NameVirtualHost 88.88.88.88

are from your edit, or that's what you really have. Normally I'd expect a port (and often not an IP):

NameVirtualHost *:80


#5

I guess you are talking about

In fact this part was set up by the hosting company at installation and is working without my configuration.

One precision:
I'm using domain1, domain2, … for my websites.
But vds88.hiwit.net was set up by the hosting company and is used only for the VDS's administration, on both protocols.

So I need
vds88.hiwit.net on both protocols and with its own self-signed certificate
domain1, domain2, … on both protocols and with Let's Encrypt certificates


#6

Yes, that's what I'm talking about, where the IP address is obviously changed/edited. With lots of edits I find it difficult to ignore the "obvious errors" caused by the edits and to see what the real issues were prior to the edits - hence asking for the unedited file (on pastebin.com or somewhere where it's only temporary).

Are domain1, domain2 etc. completely independent (in terms of domain name) of hiwit.net? And they are just pointing directly to your local server, I assume?


#7

Where can I send you a personal message?


#8

You can send a PM by clicking on my name and selecting “message”


#9

One error (that may stop Apache loading properly, I'm not certain), which I could see more clearly from the full files, is that you use the incorrect file in SSLCertificateFile

SSLCertificateFile /etc/letsencrypt/live/domain1.com/chain.pem
SSLCertificateChainFile /etc/letsencrypt/live/domain1.com/chain.pem

in all of the SSL configs. For Apache < 2.4.8 these should be

SSLCertificateFile /etc/letsencrypt/live/domain1.com/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/domain1.com/chain.pem
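
The mistake above is easy to reintroduce when a new sitesssl/ file is cloned from an old one, so here is a small static check for it. This is an added example, not code from the thread or from the Apache/certbot projects: it parses <VirtualHost> blocks, flags a certbot chain.pem used as SSLCertificateFile (or fullchain.pem on Apache older than 2.4.8), flags a key file taken from a different /etc/letsencrypt/live/ lineage than the certificate, and, for the point raised in #4, flags a VirtualHost address with no explicit port. The config strings inside it are constructed from the fragments in this thread; the default certbot layout /etc/letsencrypt/live/<lineage>/ is assumed.

```python
"""Lint Apache SSL vhost fragments for the certbot file mix-up from this thread.

Added example (not from the thread or from Apache/certbot). Python 3, stdlib only.
Assumption: certificates live in certbot's default /etc/letsencrypt/live/<lineage>/.
"""
import re
from posixpath import basename

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)
DIRECTIVE_RE = re.compile(r"^[ \t]*([A-Za-z]\w*)[ \t]+(.*\S)[ \t]*$", re.M)
PORT_RE = re.compile(r":(\d+|\*)$")          # address ends in :80, :443 or :*
LIVE_RE = re.compile(r"^/etc/letsencrypt/live/([^/]+)/")

# Constructed sample: the thread's sitesssl/domain1 before the fix, plus the
# port-less vds88 vhost from httpd-vhosts.conf (IP is the thread's edited value;
# the key lineage "domain2.com" is a stand-in for the mismatched path in #1).
BROKEN_CONF = """\
NameVirtualHost 88.88.88.88
<VirtualHost 88.88.88.88>
    DocumentRoot /home/hiwit/www
    ServerName vds88.hiwit.net
</VirtualHost>

<VirtualHost 88.88.88.88:443>
    ServerName www.domain1.com
    DocumentRoot /home/site999/web
    SSLEngine on
    SSLCertificateFile      /etc/letsencrypt/live/domain1.com/chain.pem
    SSLCertificateChainFile /etc/letsencrypt/live/domain1.com/chain.pem
    SSLCertificateKeyFile   /etc/letsencrypt/live/domain2.com/privkey.pem
</VirtualHost>
"""

# Constructed sample: the same vhost with the files #9 recommends for Apache < 2.4.8.
FIXED_CONF = """\
<VirtualHost 88.88.88.88:443>
    ServerName www.domain1.com
    DocumentRoot /home/site999/web
    SSLEngine on
    SSLCertificateFile      /etc/letsencrypt/live/domain1.com/cert.pem
    SSLCertificateChainFile /etc/letsencrypt/live/domain1.com/chain.pem
    SSLCertificateKeyFile   /etc/letsencrypt/live/domain1.com/privkey.pem
</VirtualHost>
"""


def parse_vhosts(text):
    """Return [(address, {directive_lowercase: value})] for each <VirtualHost> block."""
    vhosts = []
    for m in VHOST_RE.finditer(text):
        directives = {d.group(1).lower(): d.group(2) for d in DIRECTIVE_RE.finditer(m.group(2))}
        vhosts.append((m.group(1).strip(), directives))
    return vhosts


def lineage(path):
    """certbot lineage name from a /etc/letsencrypt/live/<lineage>/ path, else None."""
    m = LIVE_RE.match(path)
    return m.group(1) if m else None


def lint_vhost(address, d, apache_version=(2, 2, 0)):
    """Return a list of problem strings for one vhost (empty list means clean)."""
    problems = []
    if not PORT_RE.search(address):
        problems.append("no explicit port on %r (expected e.g. %s:80 or *:80)" % (address, address))
    if d.get("sslengine", "").lower() != "on":
        return problems                      # plain HTTP vhost: nothing more to check
    cert = d.get("sslcertificatefile")
    chain = d.get("sslcertificatechainfile")
    key = d.get("sslcertificatekeyfile")
    if not cert or not key:
        problems.append("SSLEngine on but SSLCertificateFile or SSLCertificateKeyFile missing")
        return problems
    leaf = basename(cert)
    if leaf == "chain.pem":
        problems.append("SSLCertificateFile is chain.pem (intermediates only); use cert.pem")
    elif leaf == "fullchain.pem" and apache_version < (2, 4, 8):
        problems.append("fullchain.pem as SSLCertificateFile needs Apache >= 2.4.8; "
                        "use cert.pem plus SSLCertificateChainFile chain.pem")
    if chain and chain == cert:
        problems.append("SSLCertificateChainFile is the same file as SSLCertificateFile")
    if leaf == "cert.pem" and not chain:
        problems.append("cert.pem without SSLCertificateChainFile: intermediates will not be sent")
    if lineage(cert) and lineage(key) and lineage(cert) != lineage(key):
        problems.append("cert lineage %r != key lineage %r: key will not match certificate"
                        % (lineage(cert), lineage(key)))
    return problems


def lint_config(text, apache_version=(2, 2, 0)):
    """Map each vhost's ServerName (or its address) to its list of problems."""
    return {d.get("servername", addr): lint_vhost(addr, d, apache_version)
            for addr, d in parse_vhosts(text)}


if __name__ == "__main__":
    for name, conf in (("broken", BROKEN_CONF), ("fixed", FIXED_CONF)):
        for vhost, problems in lint_config(conf).items():
            print(name, vhost, problems or "OK")
```

The lint only looks at file names, so once it is quiet, confirm the contents on the box: `openssl x509 -noout -subject -issuer -in /etc/letsencrypt/live/domain1.com/cert.pem` must show your domain as subject (chain.pem shows the intermediate CA instead), and the output of `openssl x509 -noout -pubkey -in cert.pem` must be identical to `openssl pkey -pubout -in privkey.pem`, otherwise the key does not belong to the certificate and mod_ssl will refuse to start the vhost.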


#10

Thanks, I'll test tonight and give feedback.

I'll also test commenting out the part for vds88.hiwit.net
in order to check whether this part is messing everything up:

NameVirtualHost 88.88.88.88
<VirtualHost 88.88.88.88>
SuexecUserGroup vpopmail vchkpw
DocumentRoot /home/hiwit/www
ServerName vds88.hiwit.net
AddHandler application/x-httpd-php55 .php
ScriptAlias /cgi-bin/ /home/hiwit/cgi-bin/
Redirect /cgi-bin/qmailadmin http://vds88.hiwit.net/cgi-bin/qmailadmin.cgi
</VirtualHost>

#11

BIG thank you to you @serveco

You were right, the wrong file broke everything!

:relaxed:


#12

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.