I set up each entry with <VirtualHost *:443> but when I do that, the second site will complain that the cert is for site1. So if I go to site2.com, I get a browser error that the cert is for site1. It will show me the content for site1.

I am not sure why the difference; my non-SSL hosts, i.e. <VirtualHost *:80>, all work fine, each site gives me the correct content, so why does it not work for <VirtualHost *:443>?

The entries are:

<VirtualHost *:443>
ServerName www.site1.com
....
<VirtualHost *:443>
ServerName www.site2.com
....

I am not sure how to do this part:

Do not use the 2.2 authz directives (Allow/Deny/Order) and use Require instead

I am running Apache 2.2, does it still apply? It does not look like mod_access_compat is listed under mods-enabled.

From: Frank Gingras <thu...@apache.org>
Sent: Thursday, May 9, 2024 4:12 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Multi site SSL problems

On Thu, May 9, 2024 at 6:54 PM Chris me <phunct...@hotmail.com> wrote:

Hi,

I am having an issue trying to get multiple sites with their own SSL cert. I purchased AlphaSSL certs for them. The strange thing, the first cert works, the second gives me an ERR_SSL_PROTOCOL_ERROR, but only on some systems.

This is what I am using now:

(Site1 is fine, Site2 gives me the error.
I originally tried with
NameVirtualHost *.443
And then
<VirtualHost *.443>
But when I go to site2, it complains that the cert is invalid because it is using the cert from site1?)

<IfModule mod_ssl.c>
NameVirtualHost 192.99.9.188:443

<VirtualHost www.site1.com:443>
    ServerName www.site1.com
    ServerAdmin webmas...@site1.com
    DocumentRoot /home/httpd/sites/site1
    <Directory /home/httpd/sites/site1>
        Order allow,deny
        Allow from all
    </Directory>
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCertificateFile /etc/ssl/site1.ca/server.crt
    SSLCertificateKeyFile /etc/ssl/site1.ca/server.key
    SSLCertificateChainFile /etc/ssl/site1.ca/bundle.crt
</VirtualHost>

<VirtualHost www.site2.com:443>
    ServerName www.site2.com
    ServerAdmin webmas...@site2.com
    DocumentRoot /home/httpd/sites/site2
    <Directory /home/httpd/sites/site2>
        Order allow,deny
        Allow from all
    </Directory>
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCertificateFile /etc/ssl/site2.ca/server.crt
    SSLCertificateKeyFile /etc/ssl/site2.ca/server.key
    SSLCertificateChainFile /etc/ssl/site2.ca/bundle.crt
</VirtualHost>
</IfModule mod_ssl.c>

So many red flags here:

- Always use *:PORT when defining a vhost, unless you know exactly what you are doing
- Set the ServerName directive in every single vhost
- Do not use the 2.2 authz directives (Allow/Deny/Order) and use Require instead
- Unload the mod_access_compat module when apachectl configtest passes

Lastly, show the output from apachectl -S when the fixes are applied
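
Added example, not part of the original thread and not Apache project code: a small Python check that scans a configuration for the first three points in the list above (vhost addresses other than *:PORT, a vhost without ServerName, 2.2-style Order/Allow/Deny lines). The sample configuration is constructed and lint_vhosts is a hypothetical name.

```python
import re

# Constructed sample, modelled on the configuration quoted in the thread;
# the second block is altered to show the missing-ServerName case.
SAMPLE = """\
NameVirtualHost 192.99.9.188:443
<VirtualHost www.site1.com:443>
    ServerName www.site1.com
    <Directory /home/httpd/sites/site1>
        Order allow,deny
        Allow from all
    </Directory>
    SSLCertificateFile /etc/ssl/site1.ca/server.crt
</VirtualHost>
<VirtualHost *:443>
    DocumentRoot /home/httpd/sites/site2
    SSLCertificateFile /etc/ssl/site2.ca/server.crt
</VirtualHost>
"""

OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)
CLOSE = re.compile(r"</VirtualHost\s*>", re.I)
SERVER_NAME = re.compile(r"ServerName\s+\S", re.I)
LEGACY_AUTHZ = re.compile(r"(Order|Allow|Deny)\s", re.I)  # not AllowOverride

def lint_vhosts(text):
    """Return (line_number, message) findings, sorted by line number."""
    findings = []
    current = None  # [opening line number, ServerName seen] while inside a vhost
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = OPEN.match(line)
        if opened:
            current = [number, False]
            for address in opened.group(1).split():
                if address.rsplit(":", 1)[0] != "*":
                    findings.append((number, f"vhost address {address} is not *:PORT"))
        elif CLOSE.match(line):
            if current and not current[1]:
                findings.append((current[0], "vhost has no ServerName"))
            current = None
        elif current and SERVER_NAME.match(line):
            current[1] = True
        elif LEGACY_AUTHZ.match(line):
            findings.append((number, f"2.2 authz directive: {line}"))
    return sorted(findings)

if __name__ == "__main__":
    for number, message in lint_vhosts(SAMPLE):
        print(f"line {number}: {message}")
```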