Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command: I haven’t run anything yet, but I will explain in the output field what I want to accomplish. Before I make any changes I want to be sure I’m doing it right.
It produced this output: I have 1 domain with an SSL certificate, and another domain (that I activated recently) without SSL. Both domains are on one IP address. I want to switch from HTTP to HTTPS on that second domain (salonkristina.hr).
I just wanted to ask what the constraints are (if any) and what I should pay attention to before making any changes. Should I just follow the steps on e.g. “zerossl”?
I just wanna make sure I won’t mess up something. Thank you in advance
My web server is (include version): Apache/2.4.18 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 16.04
My hosting provider, if applicable, is: Digital Ocean
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Putty + WinSCP
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0
You should be able to do what you intend without much trouble.
Apache 2.4.18 supports SNI which is the only real requirement to support HTTP, or HTTPS, for multiple names on the same IP.
[you are probably already serving multiple HTTP sites there - HTTPS is only adding TLS to an HTTP config (and changing the port to 443)]
You should consider building automation into your design/setup.
Using “zerossl” may work but might be a very “manual” process [that will have to be repeated every 90 days (or less)].
Consider using an ACME client that can also renew your certs automatically (before they expire).
The first step should be to ensure that each domain name is being correctly and independently handled (in HTTP).
Note: Domain names may also include their “www” spelling.
Try reviewing the output of: apachectl -S
Hi rg305, this is the output I’ve got:
VirtualHost configuration:
*:443 is a NameVirtualHost
default server prominenthair.hr (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
port 443 namevhost prominenthair.hr (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
port 443 namevhost prominenthair.hr (/etc/apache2/sites-enabled/prominenthair.hr.conf:6)
alias www.prominenthair.hr
*:80 is a NameVirtualHost
default server prominenthair.hr (/etc/apache2/sites-enabled/prominenthair.hr.conf:1)
port 80 namevhost prominenthair.hr (/etc/apache2/sites-enabled/prominenthair.hr.conf:1)
port 80 namevhost salonkristina.hr (/etc/apache2/sites-enabled/salonkristina.hr.conf:1)
alias www.salonkristina.hr
ServerRoot: “/etc/apache2”
Main DocumentRoot: “/var/www/html”
Main ErrorLog: “/var/log/apache2/error.log”
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
PidFile: “/var/run/apache2/apache2.pid”
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name=“www-data” id=33
Group: name=“www-data” id=33
I would also add that the first domain (with HTTPS) is a Wordpress website, and the other domain just plain html+css static website without a database.
Some further instructions would be really appreciated because I have no clue what I should be doing next. Thank you in advance
You definitely don't need two vhost configs for the same name.
Furthermore you are probably getting unexpected results; as the server will go down the code and stop on the first match and never execute anything else (from the second match).
So you must have only one match.
This we agree on.
Which parts to move is up to you.
But if you are asking me, I would include all from both (removing any redundancy).
Start there and see how that goes.
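Added example (not from any post in this thread): bash functions that read `apachectl -S` output and report the two conditions discussed here, a name claimed by more than one vhost on the same port and a name served on port 80 with no port-443 vhost. The function names are made up for this example; the sample input is the vhost listing posted above.

```bash
#!/usr/bin/env bash
# Added example: audit the vhost section of `apachectl -S` output (read from stdin).

# Normalise both line shapes Apache prints to "port name (file:line)":
#   "port 443 namevhost NAME (FILE:N)"  and the single-vhost form "*:443 NAME (FILE:N)".
vhost_entries() {
    awk '$1 == "port" && $3 == "namevhost" { print $2, $4, $5; next }
         $1 ~ /:[0-9]+$/ && $2 != "is" && NF >= 3 { n = split($1, a, ":"); print a[n], $2, $3 }'
}

# Names defined by more than one vhost on the same port, with every defining file.
duplicate_vhosts() {
    vhost_entries | awk '{ key = $1 " " $2; where[key] = where[key] " " $3; count[key]++ }
        END { for (k in count) if (count[k] > 1) print k where[k] }' | sort
}

# Names that have a port-80 vhost but no port-443 vhost (ServerName only, aliases ignored).
http_only_vhosts() {
    vhost_entries | awk '{ seen[$1 " " $2] = 1; if ($1 == 80) http[$2] = 1 }
        END { for (name in http) if (!(("443 " name) in seen)) print name }' | sort
}

# Sample input: vhost lines from the first `apachectl -S` output posted in this thread.
sample_output() {
    cat <<'EOF'
*:443                  is a NameVirtualHost
         default server prominenthair.hr (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
         port 443 namevhost prominenthair.hr (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
         port 443 namevhost prominenthair.hr (/etc/apache2/sites-enabled/prominenthair.hr.conf:6)
                 alias www.prominenthair.hr
*:80                   is a NameVirtualHost
         default server prominenthair.hr (/etc/apache2/sites-enabled/prominenthair.hr.conf:1)
         port 80 namevhost prominenthair.hr (/etc/apache2/sites-enabled/prominenthair.hr.conf:1)
         port 80 namevhost salonkristina.hr (/etc/apache2/sites-enabled/salonkristina.hr.conf:1)
                 alias www.salonkristina.hr
EOF
}

echo "duplicates:"; sample_output | duplicate_vhosts
echo "HTTP only:";  sample_output | http_only_vhosts
# On the server itself: apachectl -S | duplicate_vhosts
```

An empty result from `duplicate_vhosts` means each name is matched by exactly one vhost per port, which is the state to reach before asking an ACME client to create the HTTPS vhost.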
Before I was going to do any changes I wanted to check once again
root@www:~# apachectl –S
But this time I’ve got this:
Usage: /usr/sbin/apache2 [-D name] [-d directory] [-f file]
[-C “directive”] [-c “directive”]
[-k start|restart|graceful|graceful-stop|stop]
[-v] [-V] [-h] [-l] [-L] [-t] [-T] [-S] [-X]
Options:
-D name : define a name for use in directives
-d directory : specify an alternate initial ServerRoot
-f file : specify an alternate ServerConfigFile
-C “directive” : process directive before reading config files
-c “directive” : process directive after reading config files
-e level : show startup errors of level (see LogLevel)
-E file : log startup errors to file
-v : show version number
-V : show compile settings
-h : list available command line options (this page)
-l : list compiled in modules
-L : list available configuration directives
-t -D DUMP_VHOSTS : show parsed vhost settings
-t -D DUMP_RUN_CFG : show parsed run settings
-S : a synonym for -t -D DUMP_VHOSTS -D DUMP_RUN_CFG
-t -D DUMP_MODULES : show all loaded modules
-M : a synonym for -t -D DUMP_MODULES
-t : run syntax check for config files
-T : start without DocumentRoot(s) check
-X : debug mode (only one worker, do not detach)
Action ‘–S’ failed. The Apache error log may have more information.
Currently:
root@www:/etc/apache2/sites-available# ls
000-default.conf
000-default.conf.dpkg-dist
000-default-le-ssl.conf
default-ssl.conf
prominenthair.hr.conf
prominenthair.hr-le-ssl.conf
salonkristina.hr.conf
Any idea why ‘apachectl –S’ didn’t give the desired output, VirtualHost configuration?
The -S in your command is not really a -S.
If you look really really really closely…
The “dash” in front of your S is really actually two dashes combined into one “dash type symbol”.
Try it with just one single dash.
/etc/apache2/sites-available# apachectl -S
VirtualHost configuration:
*:443 prominenthair.hr (/etc/apache2/sites-enabled/000-default-le-ssl.conf:9)
*:80 is a NameVirtualHost
default server prominenthair.hr (/etc/apache2/sites-enabled/000-default-le-ssl.conf:4)
port 80 namevhost prominenthair.hr (/etc/apache2/sites-enabled/000-default-le-ssl.conf:4)
port 80 namevhost salonkristina.hr (/etc/apache2/sites-enabled/salonkristina.hr.conf:1)
alias www.salonkristina.hr
ServerRoot: “/etc/apache2”
Main DocumentRoot: “/var/www/html”
Main ErrorLog: “/var/log/apache2/error.log”
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: “/var/run/apache2/apache2.pid”
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name=“www-data” id=33
Group: name=“www-data” id=33
/sites-available# ls
000-default.conf 000-default.conf.dpkg-dist 000-default-le-ssl.conf default-ssl.conf salonkristina.hr.conf
I guess now that part is solved, so now I can use certbot to create the HTTPS vhost config file for the second domain from the present HTTP vhost config file “salonkristina.hr.conf”?
Also, for some reason if you look closely with the sites-available output I got:
‘alias www.salonkristina.hr’
but there’s no ‘alias www.prominenthair.hr’ mentioned even though it’s defined in the conf. file WEIRD
So I should just remove those three rows? It’s some kind of redundancy? (PS I just copied what I found in there)
“You are confusing “sites-available” with “sites-enabled”.” -> What do you mean by that?
All of the above conf. files were already enabled or have been enabled…
I didn’t know about the two folders… I thought it’s one folder where after you’re happy with the file you just have to enable it and reload apache. I googled it so now I understand the subject a little more…
That’s because we focused on the problem you mentioned in the first reply “This seems conflicting; as the same name appears in more than one vhost config file:”
Now that this is solved, I can focus on getting SSL for the second domain.
In the certbot instructions there are steps described on how to get a certificate for the first time…
But because I have this specific situation where one domain has an SSL certificate and the other does not, can you please point me to some more helpful instructions?