root@wordpress-ubuntu-s-1vcpu-1gb-nyc1-01:/etc/apache2/sites-available# cat /etc/apache2/sites-available/000-default.conf
# Added to mitigate CVE-2017-8295 vulnerability
UseCanonicalName On
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName silverstreamsynergy.com
ServerAlias www.silverstreamsynergy.com
DocumentRoot /var/www/html
<Directory /var/www/html/>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =silverstreamsynergy.com [OR]
RewriteCond %{SERVER_NAME} =www.silverstreamsynergy.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
root@wordpress-ubuntu-s-1vcpu-1gb-nyc1-01:/etc/apache2/sites-available# cat /etc/apache2/sites-available/000-default-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName silverstreamsynergy.com
ServerAlias www.silverstreamsynergy.com
DocumentRoot /var/www/html
<Directory /var/www/html/>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.
# RewriteCond %{SERVER_NAME} =silverstreamsynergy.com [OR]
# RewriteCond %{SERVER_NAME} =www.silverstreamsynergy.com
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias gro-usa.com
ServerAlias www.gro-usa.com
SSLCertificateFile /etc/letsencrypt/live/gro-usa.com-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/gro-usa.com-0001/privkey.pem
</VirtualHost>
</IfModule>
root@wordpress-ubuntu-s-1vcpu-1gb-nyc1-01:/etc/apache2/sites-available#
Contents of
/etc/apache2/sites-available/000-default.conf
and
/etc/apache2/sites-available/000-default-le-ssl.conf
1 Like
Baby steps...
If anything goes wrong in this process, please stop and let us know.
First, put the following into /etc/apache2/sites-available/gro-usa.com.conf
# Added to mitigate CVE-2017-8295 vulnerability
UseCanonicalName On
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName gro-usa.com
ServerAlias www.gro-usa.com
DocumentRoot /var/www/html
<Directory /var/www/html/>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Second, enable the new site
sudo a2ensite gro-usa.com.conf
Third, reload apache (note that you won't have https after this point yet):
sudo apachectl -k graceful
Fourth, install the correct certificate
sudo certbot --cert-name gro-usa.com --apache -d "gro-usa.com,www.gro-usa.com" --keep
You might need to reload apache again per the previous instruction.
Fifth, delete the unneeded certificate
sudo certbot delete --cert-name www.gro-usa.com
2 Likes
I do not have a /etc/apache2/sites-available/gro-usa.com.conf
file so I just created it using nano and pasted the contents you told me into it.
After I run sudo a2ensite gro-usa.com.conf
it tells me To activate the new configuration, you need to run: system reload apache2
(shown in terminal above). I ran up to the sudo apachectl -k graceful
line but it gave me an error (shown in terminal above).
1 Like
That error is normal. I know how weird that sounds.
1 Like
Wow, everything works now. I can't thank you enough, you have been a godsend. I am utmost grateful and appreciative. If you have a venmo I would like to tip you.
Could you maybe explain what was going wrong here? Or atleast how you knew the problem? I would love to know if you can. Thanks!
1 Like
Thanks much!
All your redirects are looking great now too!
I sent you a PM.
You had the wrong server name in your configuration.
Thanks again. You've alleviated a lot of stress. I appreciate everything.
1 Like
Osiris
April 2, 2021, 5:58am
30
rileyodonnell:
but it gave me an error
griffin:
That error is normal.
Well, it's actually a warning . And I don't think it's normal . However, it doesn't have to be a problem.
1 Like
I've seen that warning in almost every apache-related topic with which I've been involved. It's completely expected when there's no globally-declared server name. Never seen it to be a problem, but I admit that I'm unaware of any potential issues it might cause.
1 Like
system
Closed
May 2, 2021, 6:53am
32
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.