Installation problem (Debian 7, apache2)

vc02 · January 12, 2017, 8:00pm

Hello!
I'm using the webroot plugin with apache2 and Debian 7 (latest).

I can't use the auto procedure because DNS problem: NXDOMAIN looking up A for xxx

-No problem- I prefer the webroot. BUT

With webroot I get the certificate but I can't install it into my apache files.

Here is the problem:
when I update my config file for secure SUBDOMAIN on SITE1
SITE2 (another virtualhost) is using that same certificate (from SITE1) and of course Chrome reports it.

What am I doing wrong? A Big thank you!

/etc/apache2/sites-enabled/mysubdomain.site1.ovh
SITE 1 (I would like an https subdomain for that site)

<VirtualHost *:443>
ServerAdmin myemail
ServerName mysubdomain.mydomain.com
ServerAlias mysubdomain.mydomain.com
DocumentRoot /home/mypath

<IfModule mod_headers.c>
 RequestHeader unset Proxy
 </IfModule>

 <Directory /home/mypath>
 Options -Indexes FollowSymLinks MultiViews
 AllowOverride All
 </Directory>

 LogLevel warn
 CustomLog /var/log/apache2/mypath-secure-access.log combined env=!local
 ServerSignature Off

 SSLCertificateFile /etc/letsencrypt/live/secure.mysite.ovh/fullchain.pem
 SSLCertificateKeyFile /etc/letsencrypt/live/secure.mysite.ovh/privkey.pem
 Include /etc/letsencrypt/options-ssl-apache.conf

</VirtualHost>
</IfModule>

SITE2 (I don't want that site to use that certificate, I will use a new certificate later)
/etc/apache2/sites-enabled/site2.ovh

<VirtualHost *:80>
        ServerAdmin myemail
        ServerName mysite
        ServerAlias www.mysite
        DocumentRoot /home/mypath/www/
        <Directory /home/mypath/www/>
                Options -Indexes FollowSymLinks MultiViews
                AllowOverride All
 <IfModule mod_expires.c>
 <FilesMatch "\.(jpe?g|png|gif)$">
 ExpiresActive On
 ExpiresDefault "access plus 7 days"
 </FilesMatch>
 </IfModule>
        </Directory>
        LogLevel warn
 ScriptAlias /cgi-bin/ /home/mypath/cgi-bin/

        CustomLog /var/log/apache2/mypath-access.log combined env=!local
        ServerSignature Off
 RewriteEngine on
 RewriteCond %{HTTP_HOST}        !^www.*$
 RewriteRule ^(.*)   http://www.%{HTTP_HOST}$1  [L,R=301]
 RewriteCond %{HTTP:range} !(^bytes=[^,]+(,[^,]+){0,9}$|^$)
 RewriteRule .* - [F]
 </VirtualHost>

Result: SITE2 is using the certificate from site1 when I try https://www.site2

THANK YOU

Osiris · January 12, 2017, 8:44pm

Site 2 doesn’t have any SSL at all… So: don’t surf to site2 using https (because it’s not enabled) will “fix” your problem

vc02 · January 12, 2017, 8:47pm

Of course! but what will happen if Google tries to crawl it, or if a user tries to connect with "https"?

The browser should show "connection refused" as usual (or redirect to http), but shouldn't try to use https.

This server could not prove that it is www.site2.com; its security certificate is from securesite1.ovh. This may be caused by a misconfiguration or an attacker intercepting your connection. Learn more.

system · February 11, 2017, 9:02pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.