Using Webmin with Virtual Hosts... something wrong with one of the certs

I would not just assume anything.
Compare them against each other.
See what they are trying to do and pick (or merge them if needed into just) one file.

so line 56 in conf.d/ssl.conf is
<VirtualHost _default_:443>

to me that’s fine, right?

i’m just noticing now that the conf.d/ssl.conf is listed twice there… in your initial “boom found it” post

It uses the system name - so, no, not exactly best practice (for me at least).
You may need to find, and change, the “ServerName” in the main http.conf file to indirectly change it there.

1 Like

Yeah - good eye!
So it’s actually just two files - that are in conflict (not three)

2 Likes
<IfModule mod_ssl.c>
<VirtualHost *:443>
 ServerName server.eyethrees.net
 DocumentRoot "/var/www/html/server.eyethrees.net"
 <Directory "/var/www/html/server.eyethrees.net">
  allow from all
  Options None
  Require all granted
 </Directory>
 RewriteEngine On
 RewriteCond %{HTTP_HOST} ^www\.server.eyethrees\.net$ [NC]
 RewriteRule ^(.*)$ http://server.eyethrees.net$1 [R=301,L]
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.

# RewriteCond %{SERVER_NAME} =www.servwer.eyethrees.net [OR]
# RewriteCond %{SERVER_NAME} =server.eyethrees.net
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/server.eyethrees.net/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/server.eyethrees.net/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/server.eyethrees.net/chain.pem
</VirtualHost>
</IfModule>

this is the relevant section from httpd-le-ssl.conf
see anything here?

comparing to the main domain’s section from the same file:

<IfModule mod_ssl.c>
<VirtualHost *:443>
 ServerName eyethrees.net
 ServerAlias www.eyethrees.net
 DocumentRoot "/var/www/html/eyethrees.net"
 <Directory "/var/www/html/eyethrees.net">
  allow from all
  Options None
  Require all granted
 </Directory>
 RewriteEngine On
 RewriteCond %{HTTP_HOST} ^www\.eyethrees\.net$ [NC]
 RewriteRule ^(.*)$ http://eyethrees.net$1 [R=301,L]
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/server.eyethrees.net/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/server.eyethrees.net/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/server.eyethrees.net/chain.pem
</VirtualHost>
</IfModule>

All that looks good.
You need to check/compare the DocumentRoot section in the other file

1 Like

gotcha, i was just noticing there’s nothing really standing out there

the DocumentRoot line is commented out (as is about 95% of the file)

[this is the important stuff from that file]

2 Likes
##
## SSL Virtual Host Context
##

<VirtualHost _default_:443>

# General setup for the virtual host, inherited from global configuration
#DocumentRoot "/var/www/html"
#ServerName www.example.com:443

that’s from the conf.d/ssl.conf file

I would leave that file alone and just change the server’s name in the http.conf file
Probabaly at /etc/apache2/
Might be named httpd.conf
or apache2.conf

In the “main” section, you should see:
ServerName server.eyethrees.net

Change that setting there and restart apache.

1 Like

found it at: /etc/httpd/conf/httpd.conf (fyi)

ServerName server.eyethrees.net:80

so it’s already set

1 Like

Different versions of Apache put things in different locations (and with different names).

That needs to NOT be that.

2 Likes

so remove the :80 at the end?

And also remove the :80 at the end.
What I’m saying thou is the name needs to be NOT that name.
Otherwise, if that name can’t be changed (for whatever reason(s)), then you will have to force Apache to reorder the files processed.
[order matters - top down matching hits the wrong file first]

Either method will work.

1 Like

so i removed the :80 at the end and restarted apache and that didn’t seem to do anything

server.eyethrees.net is the ‘hostname’ of the server and i guess that’s why it got set that way

should the ServerName be xxxx.eyethrees.net ?? or just xxxx?

The server’s actual name is mostly irrelevant.
The service name must be a proper FQDN and be handled accordingly.

In the human world it’s much like how actors use “Stage Names” - their real names don’t matter much in that service world.

1 Like