One IP for multiple domains

Dear Let’s Encrypt community,
on a server that I administer, I have the following problem.
I need to generate and install a certificate for every domain of my server with a unique IP.
So I read some topics on this good forum and

First domain www.megamenu.it
*** MY PROCEDURE ****
[root@host31-66-46-89 letsencrypt]# ./certbot-auto certonly -d www.megamenu.it
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running apachectl configtest.
Syntax error on line 57 of /etc/httpd/conf/httpd-le-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/www.megamenu.it/cert.pem' does not exist or is empty
How would you like to authenticate with the ACME CA?


1: Apache Web Server plugin (apache) [Misconfigured]
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)


Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 3
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/www.megamenu.it/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/www.megamenu.it/privkey.pem
    Your cert will expire on 2019-07-17. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot-auto
    again. To non-interactively renew all of your certificates, run
    "certbot-auto renew"

*** SETTING in http.conf domain megamenu.it ****

<VirtualHost 89.46.66.31:443>
ServerAdmin webmaster@creonet.it
DocumentRoot //var/www/html/megamenu.it/home
ServerName www.megamenu.it
ErrorLog logs/www.megamenu.it.new-error_log
CustomLog logs/www.megamenu.it.new-access_log combined
ServerAlias megamenu.it
<Directory "//var/www/html/megamenu.it/home">
AllowOverride All
Options Includes FollowSymLinks
AddOutputFilter Includes html
Order allow,deny
Allow from all
</Directory>
SSLCertificateFile /etc/letsencrypt/live/www.megamenu.it/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.megamenu.it/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/www.megamenu.it/chain.pem
</VirtualHost>

Second domain www.creonet.it
*** MY PROCEDURE ****
[root@host31-66-46-89 letsencrypt]# ./certbot-auto certonly -d www.creonet.it
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running apachectl configtest.
Syntax error on line 35 of /etc/httpd/conf/httpd-le-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/www.creonet.it/cert.pem' does not exist or is empty
How would you like to authenticate with the ACME CA?


1: Apache Web Server plugin (apache) [Misconfigured]
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)


Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 3
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/www.creonet.it/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/www.creonet.it/privkey.pem
    Your cert will expire on 2019-07-17. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot-auto
    again. To non-interactively renew all of your certificates, run
    "certbot-auto renew"

*** SETTING in http.conf domain creonet.it ****

<VirtualHost 89.46.66.31:443>
ServerAdmin webmaster@creonet.it
DocumentRoot //var/www/html/creonet.it/home
ServerName www.creonet.it
ErrorLog logs/www.creonet.it.new-error_log
CustomLog logs/www.creonet.it.new-access_log combined
ServerAlias creonet.it
<Directory "//var/www/html/creonet.it/home">
AllowOverride All
Options Includes FollowSymLinks
AddOutputFilter Includes html
Order allow,deny
Allow from all
</Directory>
SSLCertificateFile /etc/letsencrypt/live/www.creonet.it/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.creonet.it/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/www.creonet.it/chain.pem
</VirtualHost>

Domain www.creonet.it is OK.
Domain www.megamenu.it has a problem.

One last piece of information:
with apachectl restart
I receive the following message
[warn] VirtualHost 89.46.66.31:443 overlaps with VirtualHost 89.46.66.31:443, the first has precedence, perhaps you need a NameVirtualHost directive

Can you help me?
Where is the problem?

Hi @giuscava

IP-based definitions must be unique. So use

<VirtualHost *:443>
ServerName  www.megamenu.it
...
</VirtualHost>

<VirtualHost *:443>
ServerName  www.creonet.it
...
</VirtualHost>

then check the result with

apachectl -S

[root@host31-66-46-89 letsencrypt]# apachectl -S
[Thu Apr 18 22:28:27 2019] [warn] default VirtualHost overlap on port 443, the first has precedence
[Thu Apr 18 22:28:27 2019] [warn] default VirtualHost overlap on port 443, the first has precedence
VirtualHost configuration:
89.46.66.31:80 is a NameVirtualHost
default server 89.46.66.31 (/etc/httpd/conf/httpd.conf:1076)
port 80 namevhost 89.46.66.31 (/etc/httpd/conf/httpd.conf:1076)
port 80 namevhost www.700immobiliare.it (/etc/httpd/conf/httpd.conf:1100)
alias 700immobiliare.it
wild alias *.700immobiliare.it
port 80 namevhost …
port 80 namevhost …

wildcard NameVirtualHosts and default servers:
default:443 89.46.66.31 (/etc/httpd/conf.d/ssl.conf:76)
*:443 www.creonet.it (/etc/httpd/conf/httpd-le-ssl.conf:2)
*:443 www.megamenu.it (/etc/httpd/conf/httpd-le-ssl.conf:43)

Always:
https://www.creonet.it = it's OK
https://www.megamenu.it = problem!
Where is the problem?
How can I solve it?

Check that output - https://check-your-website.server-daten.de/?q=megamenu.it

There is a wrong redirect

https://www.megamenu.it/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
	302
	https://www.creonet.it/contatti.html

Looks like https + www uses the wrong vHost.

Where is that redirect rule defined?
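
The overlap warning quoted in this thread can be caught before a restart by scanning the configuration for address:port values shared by several `<VirtualHost>` blocks without a matching `NameVirtualHost`. The following is an added example, not code from any poster or from Apache; it assumes Apache 2.2 semantics (the `NameVirtualHost` argument must match the `<VirtualHost>` argument exactly), the function name `find_overlaps` is hypothetical, and both sample configurations are constructed from the names used above.

```python
# Added example: constructed configs, Apache 2.2 semantics assumed.
BROKEN = """\
NameVirtualHost 89.46.66.31:80
<VirtualHost 89.46.66.31:443>
ServerName www.creonet.it
</VirtualHost>
<VirtualHost 89.46.66.31:443>
ServerName www.megamenu.it
</VirtualHost>
"""

FIXED = """\
NameVirtualHost *:443
<VirtualHost *:443>
ServerName www.creonet.it
</VirtualHost>
<VirtualHost *:443>
ServerName www.megamenu.it
</VirtualHost>
"""


def find_overlaps(conf_text):
    """Map each address:port shared by several <VirtualHost> blocks, with no
    matching NameVirtualHost, to its ServerNames in file order (first wins)."""
    named, vhosts, addrs, name = set(), {}, None, None
    for raw in conf_text.splitlines():
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        if key == "namevirtualhost":
            named.update(parts[1:])
        elif key == "<virtualhost":
            # A block may list several addresses; strip the closing '>'.
            addrs = [p.rstrip(">") for p in parts[1:] if p.rstrip(">")]
            name = "(no ServerName)"
        elif key == "servername" and addrs is not None and len(parts) > 1:
            name = parts[1]
        elif key.startswith("</virtualhost") and addrs is not None:
            for addr in addrs:
                vhosts.setdefault(addr, []).append(name)
            addrs = None
    return {a: n for a, n in vhosts.items() if len(n) > 1 and a not in named}


if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, find_overlaps(conf) or "no overlap")
```

The first name in each reported list is the vhost that answers every request on that address, so a certificate or redirect belonging to it will be served for the other names as well.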
