4

I have an Apache 2.4 server that I have created a self-signed cert for testing https with a new client site. The problem I'm encountering is that the ssl.conf file's is always loading for my site when I attempt to go to the defined virtualhost I set up in a separate vhosts.conf file.

Could someone please help me understand why the desired virtualhost is never loading and only the default is?

My ssl.conf contents

Listen 443 https SSL Global Context SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog SSLSessionCache shmcb:/run/httpd/sslcache(512000) SSLSessionCacheTimeout 300 SSLRandomSeed startup file:/dev/urandom 256 SSLRandomSeed connect builtin SSLCryptoDevice builtin <VirtualHost _default_:443> DocumentRoot "/var/www/html" ServerName localhost:443 ErrorLog logs/default_ssl_error_log TransferLog logs/default_ssl_access_log LogLevel warn SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA SSLCertificateFile /etc/pki/tls/certs/localhost.crt SSLCertificateKeyFile /etc/pki/tls/private/localhost.key <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> <Directory "/var/www/cgi-bin"> SSLOptions +StdEnvVars </Directory> BrowserMatch "MSIE [2-5]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost>

My virtualhost file content

<VirtualHost demo.ffh.com:443> ServerAdmin [email protected] ServerName demo.ffh.com DocumentRoot "/var/www/vhosts/ffh/public" RewriteEngine On # And THIS doesn't seem to be working at all! LogLevel debug rewrite:trace8 <Directory "/var/www/vhosts/ffh/public/"> AllowOverride all SSLOptions +StdEnvVars #Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all SSLRequireSSL On </Directory> SSLEngine on SSLCertificateKeyFile /etc/httpd/ssl/ssl.key/demo_ffh.key SSLCertificateFile /etc/httpd/ssl/ssl.crt/demo_ffh.crt <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 CustomLog logs/ssl_ffh-access.log combined ErrorLog logs/ssl_ffh-error.log </VirtualHost>

Does anyone see why the vhosts.conf site is being ignored in favor of the default? And how do I fix this? Been banging my head against a wall all day with this.

NOTE: "Probably worth calling out that I have tried the IP address and *:443 in the vhost.conf instead of the domain, but still no love."

Improve this question
1

4 Answers 4

Reset to default
2

I have been having this issue and four solutions were to

  1. change the paths to point at my cert and key (and any other intermediate certs?) directly in the /etc/httpd/conf.d/ssl.conf

This is ok if you have only a single SSL cert for the whole machine.

  1. remove the entire default virtualhost entry from ssl.conf,

This gives me the configuration in SSL.conf and allows me to determine my own VirtualHost entries for multiple SSL certs (if necessary)

  1. put the ssl.conf (alphabetically) after my desired conf file, which I named "vhosts.conf" (I changed ssl.conf to "vv.conf" to test this)

This works as well for multiple SSL certs in my vhosts.conf file, but makes me feel dirty because I'm changing names. I guess one could use the conf.modules.d-meets-sitesenabled syntax of 010-vhosts.conf 020-ssl.conf and feel very slightly less dirty.

  1. put my own cert and key in /etc/pki/tls/certs/localhost.crt and /etc/pki/tls/private/localhost.key

Eh... maybe for some people.. I didn't like that though.

Improve this answer
1
  • OK looks like we're just using 00-vhosts.conf to make sure our config goes first. It was the least disruptive. I don't feel too dirty. Normal dirty. Commented Jul 20, 2017 at 1:34
1

Okay...I guess I fixed it. O.o

I'm uncertain of exactly what it was that made this work, but the last couple things I did were;

  1. I created a new self-signed cert and set the vhost config to use it and the respective key.
  2. I then changed the virtualhost config to *:443.
  3. Restarted the apache server. And VIOLA! What gives?!

Oh well...maybe lesson learned here?

Improve this answer
0

Lets Encrypt Stopped Processing ssl.conf first

I think I have the reverse problem. OP here wants Vhost file to be processed instead of ssl.conf.

I need ssl.conf processed before e.conf, like it was before. I don't understand why before ssl.conf was the default and no files in /etc/httpd/conf.d interfered, even if they were first alphabetically.

I think the solution for my case would be, reinstall, unless someone can provide a better solution.

Edit: I found a better solution than reinstalling (at least for now) Lets Encrypt Stopped Processing ssl.conf first But I think it's a hack and still looking for better options.

EDIT: The fix to my problem was rename the em-le-ssl.conf file, not em.conf to something after ssl.conf alphabetically. To fix the problem here, the asker would have to rename their vHost-le-ssl.conf file to something before ssl.conf.

Improve this answer
1
  • sysadmin1138, Why would you thank me then remove my post. Contradictory. Either way, I fixed my post to be an answer and not just a question to a question. I would have posted it as a comment, but it won't let me yet... Commented May 8, 2020 at 20:50
0

It seems indeed (see this answer) that you need to put

<VirtualHost *:443>

for your site/configuration file (and each of them) instead of

<VirtualHost demo.ffh.com:443>

The resolution will be done by the ServerName parameter.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.