How Do I Enable My Ubuntu Server To Host Various SSL-Enabled Websites?
Posted
by
Andy Ibanez
on Server Fault
See other posts from Server Fault
or by Andy Ibanez
Published on 2013-11-07T01:57:40Z
Indexed on
2013/11/07
3:58 UTC
Read the original article
Hit count: 572
Actually, I Have looked around for a few hours now, but I can't get this to work. The main problem I'm having is that only one out of two sites works.
I have my website which will mostly be used for an app. It's called atajosapp.com .
atajosapp.com will have three main sites:
- www.atajosapp.com <- Homepage for the app.
- auth.atajosapp.com <- Login endpoint for my API (needs SSL)
- api.atajosapp.com <- Main endpoint for my API (needs SSL).
If you attempt to access api.atajosapp.com it works. It will throw you a 403 error and a JSON output, but that's fully intentional.
If you try to access auth.atajosapp.com however, the site simply doesn't load. Chrome complains with:
The webpage at https://auth.atajosapp.com/ might be temporarily down or it may have moved permanently to a new web address.
Error code: ERR_TUNNEL_CONNECTION_FAILED
But the website IS there.
If you try to access www.atajosapp.com or any other HTTP site, it connects fine. It just doesn't like dealing with more than one HTTPS websites, it seems.
The VirtualHost for api.atajosapp.com looks like this:
<VirtualHost *:443>
DocumentRoot /var/www/api.atajosapp.com
ServerName api.atajosapp.com
SSLEngine on
SSLCertificateFile /certificates/STAR_atajosapp_com.crt
SSLCertificateKeyFile /certificates/star_atajosapp_com.key
SSLCertificateChainFile /certificates/PositiveSSLCA2.crt
</VirtualHost>
auth.atajosapp.com Looks very similar:
<VirtualHost *:443>
DocumentRoot /var/www/auth.atajosapp.com
ServerName auth.atajosapp.com
SSLEngine on
SSLCertificateFile /certificates/STAR_atajosapp_com.crt
SSLCertificateKeyFile /certificates/star_atajosapp_com.key
SSLCertificateChainFile /certificates/PositiveSSLCA2.crt
</VirtualHost>
Now I have found many websites that talk about possible solutions. At first, I was getting a message like this:
_default_ VirtualHost overlap on port 443, the first has precedence
But after googling for hours, I managed to solve it by editing both apache2.conf and ports.conf. This is the last thing I added to ports.conf:
<IfModule mod_ssl.c>
NameVirtualHost *:443
# SSL name based virtual hosts are not yet supported, therefore no
# NameVirtualHost statement here
NameVirtualHost *:443
Listen 443
</IfModule>
Still, right now only api.atajosapp.com and www.atajosapp.com are working. I still can't access auth.atajosapp.com. When I check the error log, I see this:
Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
I don't know what else to do to make both sites work fine on this. I purchased a Wildcard SSL certificate from Comodo that supposedly secures *.atajosapp.com, so after hours trying and googling, I don't know what's wrong anymore.
Any help will be really appreciated.
EDIT: I just ran the apachectl -t -D DUMP_VHOSTS
command and this is the output. Can't make much sense of it...:
root@atajosapp:/# apachectl -t -D DUMP_VHOSTS
apache2: Could not reliably determine the server's fully qualified domain name, using atajosapp.com for ServerName
[Thu Nov 07 02:01:24 2013] [warn] NameVirtualHost *:443 has no VirtualHosts
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:443 is a NameVirtualHost
default server api.atajosapp.com (/etc/apache2/sites-enabled/api.atajosapp.com:1)
port 443 namevhost api.atajosapp.com (/etc/apache2/sites-enabled/api.atajosapp.com:1)
port 443 namevhost auth.atajosapp.com (/etc/apache2/sites-enabled/auth.atajosapp.com:1)
*:80 is a NameVirtualHost
default server atajosapp.com (/etc/apache2/sites-enabled/000-default:1)
port 80 namevhost atajosapp.com (/etc/apache2/sites-enabled/000-default:1)
© Server Fault or respective owner