Topic: Apache 2.2.22 Picks SSL for Every Single Domain Error

[Klaipedaville]

Hello there,

I would be really much obliged if anyone could give me a few pointers on SSL.

I am really stuck at one unusual issue. I have one valid commercial Comodo certificate. It is correctly installed and works fine on my 443 port when I go to https://www.domain1.com

However, I have quite a few other virtual hosts that also work fine on my port 80 when I go to http://www.domain2.com then http://www.domain3.com and so on.

Now out of curiosity I have typed https://www.domain2.com and it picked up the SSL certificate from my first domain1.com when it wasn't supposed to (I guess)! It reported an error but worked! Then I tried all my other domains 3,4,5 and so on and the issue repeated.

I would be really grateful and thankful is somebody advised how do I keep this single certificate to the only domain name it belongs to? It has no wild cards and is valid for only one domain name I bought it for. The example of my hosts' configuration is below:

<VirtualHost *:80>
DocumentRoot "/directory/home/place"
ServerName domain1.com
<Directory "/directory/home/place">
allow from all
Options +Indexes
</Directory>
ServerAlias www.doamin1.com
</VirtualHost>

<VirtualHost *:443>
DocumentRoot "/directory/home/place"
ServerName domain1.com
<Directory "/directory/home/place">
allow from all
Options +Indexes
</Directory>
SSLCertificateFile /etc/ssl/certificate.crt
SSLCertificateKeyFile /etc/ssl/key.key
SSLCACertificateFile /etc/ssl/ca-bundle
SSLEngine on
ServerAlias www.doamin1.com
</VirtualHost>

<VirtualHost *:80>
DocumentRoot "/directory/home/place2"
ServerName domain2.com
<Directory "/directory/home/place2">
allow from all
Options +Indexes
</Directory>
ServerAlias www.doamin2.com
</VirtualHost>

Would appreciate any input, comments, suggestions, advices or assistance at all! I cannot seem to find any mistakes or at least where to start looking for them as I do not even know how to call this mistake / issue if it is an issue at all Many thanks in advance!

[Steffen]

Maybe mod_rewrite can do the trick, not tested:

Try to put in the non-ssl vhosts:

RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}

More info for example at:
http://stackoverflow.com/questions/8371/how-do-you-redirect-https-to-http

[Klaipedaville]

Appreciate your idea, thanks.

I have already tried it but nothing of those seems to help.

I begin to think that this is because of all of my domains are hosted on the same IP address. That's why any domain name on that IP will try the certificate "on" so to speak. Then the domain name that matches won't throw an error, all the others will say hey, the cert is wrong.

There is 1 IP = one domain name = one SSL certificate rule for the certificate I have. Not sure if there are any other ways around it.

Any more ideas anyone? Many thanks!

[Klaipedaville]

I have to figure out how to force the non-ssl vhosts to stay out of https connections all the time even if someone tries them out on https.. it's not really mod_rewrite / redirect is it? There is gotta be something else... I think..

[Steffen]

For ideas you can have a look at

www.apachelounge.com/viewtopic.php?t=5718

[Klaipedaville]

Thank you Steffen!

You pointed me out the direction. Now at least I know where to head to and what to look for

[Klaipedaville]

Someone had a real cool idea (link given in your previous post) but the point there was that you had to have two certificates. The idea itself is very interesting! I may have to tweak it around to make it work the way I need it.

However, I begin to think that the easiest might be to do it in php, that is directly in code on my web-site.

[Klaipedaville]

Hello there apachelounge again!

I just wanted to share how it worked in my case. I consulted https://wiki.apache.org/httpd/RedirectSSL and applied very simple one extra line of redirect permanent to all of my non-ssl hosts confuguration. That is including "as if" they were also SSLs. This is how it looks, hope it will help someone else with the similar issue as well.

<VirtualHost *:80>
DocumentRoot "/directory/home/place"
ServerName domain1.com
<Directory "/directory/home/place">
allow from all
Options +Indexes
</Directory>
ServerAlias www.doamin1.com
</VirtualHost>

<VirtualHost *:443>
DocumentRoot "/directory/home/place"
ServerName domain1.com
<Directory "/directory/home/place">
allow from all
Options +Indexes
</Directory>
SSLEngine on
SSLCertificateFile /etc/ssl/certificate.crt
SSLCertificateKeyFile /etc/ssl/key.key
SSLCACertificateFile /etc/ssl/ca-bundle
Redirect permanent / http://www.domain1.com/
ServerAlias www.doamin1.com
</VirtualHost>

The second part of <VirtualHost *:443></VirtualHost> has to be added to all your non-ssl vhosts changing only DocumentRoot, Directory, and ServerAlias paths / records accordingly, if needed.

[admin]

Thanks! for sharing.