Both abc.com and xyz.com are hosted elsewhere so the DNS is configured to use the Elastic IP of the EC2 instance.
Server locations are: /var/www/vhosts/abc and /var/www/vhosts/xyz.
Virtual hosts are configured on /etc/httpd/conf/httpd.conf (I’ll provide the settings below).
Both instances ran perfectly on http so I moved on to installing certificates based on the instructions given in AWS and here.
It was a somewhat painful process, but I somehow managed to get the certificates created for both in /etc/letsencrypt/live/.
After that I configured the http.conf file to add the virtual hosts for port 443 and tried to access the sites.
Things started to behave erratically. One site would work fine and the other wouldn’t. After a while the one that worked well stopped working and the other started to work OK.
I also noticed that when I try the AWS Public IP, it’s now pointing to one of those sites (it shouldn’t).
I’m now trying to remove everything and redo it. My guess is that I ran certbot once before configuring the vhosts so it has installed a certificate on the web root (/var/www/html). Could someone kindly explain the steps I need to follow to get this right? Please also explain if I need to move the vhosts folder to /var/www/html as it seems to be the web root folder, not /var/www. Here are my virtual hosts settings:
<VirtualHost *:80>
    DocumentRoot "/var/www/vhosts/xyz"
    ServerName "newsletter.xyz.com"
    ServerAlias "newsletter.xyz.com"
    <Directory />
        Options FollowSymLinks
        AllowOverride All
    </Directory>
    <Directory /var/www/vhosts/xyz>
        Options FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        Allow from All
    </Directory>
</VirtualHost>
Somewhere in your Apache configuration… I’m not familiar with where Amazon Linux puts things but probably somewhere under /etc/httpd/conf/ or /etc/httpd/conf.d/ I guess?
Oh sorry, I thought you were referring to something other than those settings. No, not the main config file, but when I ran the command httpd -S it printed the output below:
…
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server newsletter.abc.com (/etc/httpd/conf/httpd.conf:50)
         port 80 namevhost newsletter.abc.com (/etc/httpd/conf/httpd.conf:50)
                 alias newsletter.abc.com
         port 80 namevhost newsletter.xyz.com (/etc/httpd/conf/httpd.conf:66)
                 alias newsletter.xyz.com
*:443                  ip-172-31-3-62.xx-xxx-1.compute.internal (/etc/httpd/conf.d/ssl.conf:56)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
…
There are more lines. I only copied the first part of it. Does that mean I’ve to make those virtual host entries as NameVirtualHost *:80 instead of VirtualHost *:80?
As it’s a brand new instance it is probably quicker for me to rebuild everything. Is there any guideline available that I can follow? I mean for an installation with multiple domains. If I’m not mistaken Amazon Linux is a build based on Fedora so the structure and commands are more or less the same as Fedora/RedHat/CentOS. Many thanks in advance.
No. There's a line somewhere in your configuration that is literally
NameVirtualHost *:80
That activates name-based virtual hosting on port 80 so that you can have multiple <VirtualHost *:80> virtual hosts on port 80 and Apache can select the correct one based on the host name. It looks like you need to activate the same functionality for port 443 by adding the line
NameVirtualHost *:443
I'm just not sure exactly where you should add it. Perhaps in /etc/httpd/conf.d/ssl.conf or somewhere like that?
Didn’t work, I’m afraid. This is the message I got when I restarted Apache:
AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/httpd/conf.d/ssl.conf:6
I’m going to remove Apache and reinstall it as it would be quicker than troubleshooting this. I found these two guides through the original guide I’ve followed. Could you be so kind as to confirm if they contain the correct steps? I know I’m asking a lot. They are here and here.
Please also confirm whether it’s better to apply one domain (subdomain in my case) at a time rather than trying to apply it for all. I think this is where I got it wrong last time.
I wouldn't say either approach is universally better, but in your case it may be relevant that if you do all your (sub)domains at once, you'll get a single certificate covering all domains, which might remove some complications with getting each virtual host to use the right certificate.
I tried that tutorial first but it didn’t work for me. After your reply, I visited the Certbot site and managed to figure out how to do it properly. There were a couple of issues with my virtual hosts configurations too. As it’s a new instance, I rebuilt it and everything is working smoothly now. Many thanks for all directions.
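Added example, not part of the thread: a Python check that reads `httpd -S` output like the listing quoted above and reports hostnames that have a port-80 vhost but no vhost of their own on port 443. The function names are hypothetical and the sample text is constructed from that listing.

```python
import re
import sys
from collections import defaultdict

# Constructed sample, modelled on the `httpd -S` listing quoted in the thread.
SAMPLE = """\
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server newsletter.abc.com (/etc/httpd/conf/httpd.conf:50)
         port 80 namevhost newsletter.abc.com (/etc/httpd/conf/httpd.conf:50)
                 alias newsletter.abc.com
         port 80 namevhost newsletter.xyz.com (/etc/httpd/conf/httpd.conf:66)
                 alias newsletter.xyz.com
*:443                  ip-172-31-3-62.xx-xxx-1.compute.internal (/etc/httpd/conf.d/ssl.conf:56)
ServerRoot: "/etc/httpd"
"""

# "port 80 namevhost NAME (file:line)": one entry of a name-based group.
NAMEVHOST = re.compile(r"^\s+port (\d+) namevhost (\S+) \(.+:\d+\)")
# "*:443 NAME (file:line)": the only vhost on that address:port.
SINGLE = re.compile(r"^\S+:(\d+)\s+(\S+) \(.+:\d+\)")
# "alias NAME": a ServerAlias of the vhost listed just above.
ALIAS = re.compile(r"^\s+alias (\S+)")

def parse_vhosts(text):
    """Return {port: set of ServerName/ServerAlias values} from `httpd -S` output."""
    names = defaultdict(set)
    port = None
    for line in text.splitlines():
        m = NAMEVHOST.match(line) or SINGLE.match(line)
        if m:
            port = int(m.group(1))
            names[port].add(m.group(2).lower())
        elif port is not None and (m := ALIAS.match(line)):
            names[port].add(m.group(1).lower())
    return names

def missing_on_tls(text, http_port=80, tls_port=443):
    """Names with a vhost on http_port but none of their own on tls_port.

    HTTPS requests for these names are answered by the default vhost on
    tls_port, with its certificate. Wildcard aliases are not considered.
    """
    names = parse_vhosts(text)
    return sorted(names[http_port] - names[tls_port])

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for name in missing_on_tls(text):
        print(f"no :443 vhost for {name}")
```

Piping real `httpd -S` output into the script checks a live configuration; an empty result means every port-80 name also has a port-443 vhost.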