
I am loading the SSL files for my wildcard subdomains from VirtualHost blocks, but the second virtual host loads the SSL file of the first VirtualHost, and the browser reports an Invalid certificate error.

Here's the config:

    <VirtualHost *:443>
        ServerName cert-1.domain.com
        ServerAlias cert-1.domain.com,*.net.domain.com
        DocumentRoot /home/myuser/public_html
        ServerAdmin webmaster@domain.com

        UseCanonicalName Off

        <IfModule mod_suphp.c>
            suPHP_UserGroup myuser myuser
        </IfModule>
        <IfModule suexec_module>
            <IfModule !mod_ruid2.c>
                SuexecUserGroup myuser myuser
            </IfModule>
        </IfModule>

        <IfModule ssl_module>
            SSLEngine on
            SSLCertificateFile /etc/letsencrypt/live/cert-1.domain.com/fullchain.pem
            SSLCertificateKeyFile /etc/letsencrypt/live/cert-1.domain.com/privkey.pem
        </IfModule>
    </VirtualHost>

    <VirtualHost *:443>
        ServerName cert-2.domain.com
        ServerAlias cert-2.domain.com,*.org.domain.com
        DocumentRoot /home/myuser/public_html
        ServerAdmin webmaster@domain.com

        UseCanonicalName Off

        <IfModule mod_suphp.c>
            suPHP_UserGroup myuser myuser
        </IfModule>
        <IfModule suexec_module>
            <IfModule !mod_ruid2.c>
                SuexecUserGroup myuser myuser
            </IfModule>
        </IfModule>

        <IfModule ssl_module>
            SSLEngine on
            SSLCertificateFile /etc/letsencrypt/live/cert-2.domain.com-2/fullchain.pem
            SSLCertificateKeyFile /etc/letsencrypt/live/cert-2.domain.com-2/privkey.pem
        </IfModule>
    </VirtualHost>

But when I visit anything.org.domain.com, it loads the SSL file for the first VirtualHost instead of that of the second VirtualHost.

Even when I tried a subdomain that's not in the first or second VirtualHost, it still loads the first VirtualHost's SSL file, and the browser throws an Invalid SSL error.

How can I resolve this?

Thanks

Manuel E

1 Answer


Server aliases should be separated by a space, not a comma, so your ServerAlias line should look like this:

    ServerAlias cert-1.domain.com *.net.domain.com

Note that more ServerAlias directives can be given in a single block, which makes the config a bit more readable in case of many aliases.

If you request a host for which no explicit configuration exists, Apache serves the first block it finds (this is why it is a good idea to include a VirtualHost block with ServerAlias * in the last place, to have a "catch-all" site).

So in your case, none of the ServerAlias lines work (not as you expect them, anyway), since you are defining an alias to a server which would have the "cert-2.domain.com,*.org.domain.com" name, with comma, asterisk and all. For this, when you ask for "anything.org.domain.com", Apache serves the first block it encounters, as this host name is not defined in the config.

Lacek
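A simplified model of the name matching the answer describes, as an added example that is not part of the original answer and not Apache's own code: it parses the question's two blocks, flags aliases that contain a comma, and shows which block serves anything.org.domain.com before and after the fix. The function names and the reduced sample config are constructed for illustration.

```python
import re

# Constructed sample: the question's two vhosts, reduced to their name directives.
BROKEN = """
<VirtualHost *:443>
ServerName cert-1.domain.com
ServerAlias cert-1.domain.com,*.net.domain.com
</VirtualHost>
<VirtualHost *:443>
ServerName cert-2.domain.com
ServerAlias cert-2.domain.com,*.org.domain.com
</VirtualHost>
"""
FIXED = BROKEN.replace(",", " ")  # the answer's fix: space-separated aliases

def parse_vhosts(text):
    """Return [(server_name, [aliases])] in file order."""
    vhosts = []
    for line in text.splitlines():
        parts = line.split()
        key = parts[0].lower() if parts else ""
        if key.startswith("<virtualhost"):
            vhosts.append([None, []])
        elif key == "servername" and vhosts:
            vhosts[-1][0] = parts[1]
        elif key == "serveralias" and vhosts:
            vhosts[-1][1].extend(parts[1:])  # whitespace separates aliases
    return [tuple(v) for v in vhosts]

def alias_matches(pattern, host):
    """Case-insensitive match; * and ? are the only wildcards."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, host, re.IGNORECASE) is not None

def select_vhost(vhosts, host):
    """Name of the block serving `host`; the first block is the fallback."""
    for name, aliases in vhosts:
        exact = (name or "").lower() == host.lower()
        if exact or any(alias_matches(a, host) for a in aliases):
            return name
    return vhosts[0][0]

def suspicious_aliases(vhosts):
    """Aliases containing a comma: one literal name, not a list."""
    return [a for _, aliases in vhosts for a in aliases if "," in a]

if __name__ == "__main__":
    for label, conf in (("as posted", BROKEN), ("space-separated", FIXED)):
        print(label, select_vhost(parse_vhosts(conf), "anything.org.domain.com"))
```

On a live server, `apachectl -S` lists the names and aliases Apache actually parsed for each port, which shows the same mismatch.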