this is how my ssl, vhosts, redirects are set up, maybe this will help

note any ssl website name MUST equal a valid certificate or you will get a cert mismatch error !!
granted there are several cert authorities (free ssl etc) i have found it's just easier to get a resale account (lots of providers opensrs, certigo, thawte etc etc) and pay the 10.00 per cert.
cert would be ok for www.xxx.com and xxx.com (aka you typically only need one certificate per site.)
not pushing any provider, just saying letsencrypt etc does not always work reliably or speed issues....

<VirtualHost *:80>
    ServerName bedrockconstruction.ca
    ServerAlias bedrockconstruction.ca
    ServerAlias www.bedrockconstruction.ca
    Redirect permanent / https://bedrockconstruction.ca/
</VirtualHost>

<VirtualHost *:443>
    ServerName bedrockconstruction.ca
    ServerAlias bedrockconstruction.ca
    ServerAlias www.bedrockconstruction.ca
    DocumentRoot /www/bedrockconstruction.ca

    SSLEngine on
    SSLProtocol all
    SSLCertificateFile /www/bedrockconstruction.ca/ssl/bedrockconstruction.ca.crt
    SSLCertificateKeyFile /www/bedrockconstruction.ca/ssl/bedrockconstruction.ca.key
    SSLCertificateChainFile /www/bedrockconstruction.ca/ssl/bedrockconstruction.ca.chain

    SuexecUserGroup www www

    <Directory "/www/bedrockconstruction.ca/wp-content/uploads/">
        <Files "*.php">
            Order Deny,Allow
            Deny from All
        </Files>
    </Directory>

    <Directory /www/bedrockconstruction.ca>
        php_admin_value open_basedir /www/bedrockconstruction.ca:/var/log/
    </Directory>

    <Directory /www/bedrockconstruction.ca>
        php_admin_value sys_temp_dir /www/bedrockconstruction.ca/tmp/
    </Directory>

    <Directory /www/bedrockconstruction.ca>
        php_admin_value session.save_path /www/bedrockconstruction.ca/tmp/
    </Directory>

    <Directory /www/bedrockconstruction.ca>
        php_admin_value soap.wsdl_cache_dir /www/bedrockconstruction.ca/tmp/
    </Directory>

    <Directory /www/bedrockconstruction.ca>
        php_admin_value upload_tmp_dir /www/bedrockconstruction.ca/tmp
    </Directory>

    <Directory "/www/bedrockconstruction.ca">
        AllowOverride All
        php_value session.save_path "/www/bedrockconstruction.ca/"
    </Directory>
</VirtualHost>

Happy Wednesday !!!
Thanks - paul

Paul Kudla
Scom.ca Internet Services <http://www.scom.ca>
004-1009 Byron Street South
Whitby, Ontario - Canada
L1N 4S3

Toronto 416.642.7266
Main 1.866.411.7266
Fax 1.888.892.7266
Email paul@xxxxxxx

On 7/5/2022 5:38 PM, scom.ca@xxxxxxxxxxxxxxxx wrote:

I've tried several variations but basically the error message is that the certificate and the key for example2.com don't match. I thought I had set up the certificate with the proper keys so something must be screwed up with the certificate. I'm working on that.

Jack

On 2 Jul 2022, at 1:21, Frank Gingras <thumbs@xxxxxxxxxx> wrote:

What does the error log say, exactly? Note that TLS failures can be almost silent in the logs, so if a single vhost causes the startup error, then check the certificate.

On Fri, 1 Jul 2022 at 17:24, jnilles@xxxxxxxx <jnilles@xxxxxxxx> wrote:

Here's an example version of my vhosts.conf file:

# http redirect
<VirtualHost *:80>
    ServerName central.com
    ServerAlias www.example1.com *.example1.com
    Redirect / https://www.example1.com/
    ErrorLog /var/log/apache2/example1.com-error80_log
    CustomLog /var/log/apache2/example1.com-access80_log combined
</VirtualHost>

<Virtualhost *:80>
    ServerName example2.com
    ServerAlias www.example2.com *.example2.com
    Redirect / https://www.example2.com/
    ErrorLog /var/log/apache2/example2.com-error80_log
    CustomLog /var/log/apache2/example2.com-access80_log combined
</VirtualHost>

# https version
<VirtualHost *:443>
    ServerAdmin webmaster@xxxxxxxxxxx
    ServerName example1.com
    ServerAlias www.example1.com *.example1.com
    DocumentRoot "/home/data/hqwww/htdocs"
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCertificateFile /etc/apache2/ssl.crt/example.crt
    SSLCertificateKeyFile /etc/apache2/ssl.key/www.example1.com.key
    SSLCertificateChainFile /etc/apache2/ssl.crt/example1.ca-bundle
    RewriteEngine On
    RewriteOptions Inherit
    <Directory "/home/data/example1/htdocs">
        AllowOverride None
        Options FollowSymlinks
        Require all granted
    </Directory>
    AccessFileName .htaccess
    ErrorLog /var/log/apache2/example1.com-error_log
    CustomLog /var/log/apache2/example1.com-access_log combined
    Include /etc/apache2/conf.d/*.conf
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin webmaster@xxxxxxxxxxx
    ServerName example2.com
    ServerAlias www.example2.com *.example2.com
    DocumentRoot "/home/data/jmnwww/htdocs"
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCertificateFile /etc/apache2/ssl.crt/example2.crt
    SSLCertificateKeyFile /etc/apache2/ssl.key/www.example2.com.key
    SSLCertificateChainFile /etc/apache2/ssl.crt/example2.ca-bundle
    RewriteEngine On
    RewriteOptions Inherit
    <Directory "/home/data/example2/htdocs">
        ## To make the site work with pretty permalinks use the next 2 uncommented lines.
        ## Otherwise use 'Options None' and 'AllowOverride None'
        AllowOverride all
        Options FollowSymlinks
        Require all granted
    </Directory>
    AccessFileName .htaccess
    ErrorLog /var/log/apache2/example2.com-error_log
    CustomLog /var/log/apache2/example2.com-access_log combined
    Include /etc/apache2/conf.d/*.conf
</VirtualHost>

If I drop the second host (example2), leaving just example1 it works; with both hosts apache crashes on restart. Here is the failure message output for that case.

systemctl status apache2.service
● apache2.service - The Apache Webserver
   Loaded: loaded (/usr/lib/systemd/system/apache2.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Fri 2022-07-01 14:12:39 PDT; 6min ago
  Process: 29193 ExecStart=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k start (code=exited, status=1/>
 Main PID: 29193 (code=exited, status=1/FAILURE)
   Status: "Reading configuration..."

Jul 01 14:12:39 donner systemd[1]: Starting The Apache Webserver...
Jul 01 14:12:39 donner start_apache2[29193]: AH00548: NameVirtualHost has no effect and will be removed in t>
Jul 01 14:12:39 donner systemd[1]: apache2.service: Main process exited, code=exited, status=1/FAILURE
Jul 01 14:12:39 donner systemd[1]: apache2.service: Failed with result 'exit-code'.
Jul 01 14:12:39 donner systemd[1]: Failed to start The Apache Webserver.

On 30 Jun 2022, at 16:24, Frank Gingras <thumbs@xxxxxxxxxx> wrote:

That is one assumption, sure. Best to have the user run apachectl -S to confirm. For all we know, they could have defined invalid vhosts.

On Thu, 30 Jun 2022 at 16:54, <freebsd@xxxxxxxxxxxx> wrote:

You are missing something called virtual hosts. You are allowed one host but you can have many virtual hosts. Secondly, you should be using Leap 15.4, it sounds like you are out of date, sorry to say.

If you go to your httpd.conf file then you will notice that there is an enable virtual hosts

#include virtual hosts.conf httpd-vhosts.conf

so uncomment it, remove the #

From: jnilles@xxxxxxxx <jnilles@xxxxxxxx>
Sent: Thursday, 30 June 2022 16:28
To: users@xxxxxxxxxxxxxxxx
Subject: NameVirtualHost fails

I'm using SUSE Leap 15.3 and apache2. I'm trying to get SSL to work on two hosts with the same IP address. My vhosts.config is set for the two hosts but only one actually runs. When I run systemctl status apache2.service I get a message that NameVirtualHost has no effect and will be removed. So the configuration only works if I have just one host.

What key detail am I missing in the network configuration?

Thanks,

Jack Nilles
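
Added example, not part of the original thread or written by any of its participants: the certificate/key mismatch reported for example2.com can be found before a restart by comparing the public key inside each vhost's SSLCertificateFile with the one derived from its SSLCertificateKeyFile. The script assumes the openssl command-line tool is installed, that paths in the config contain no spaces, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify that each SSL vhost's certificate and key belong together.
# Assumes the openssl CLI is on PATH; all function names here are hypothetical.

# Exit 0 if cert and key share a public key, 1 if they differ, 2 if unreadable.
cert_key_match() {
    ckm_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    ckm_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$ckm_cert" = "$ckm_key" ]
}

# Print "ServerName cert key" for each <VirtualHost> block that sets both files.
vhost_pairs() {
    awk '
        { gsub(/"/, ""); d = tolower($1) }
        d ~ /^<virtualhost/          { name = "(unnamed)"; cert = key = "" }
        d == "servername"            { name = $2 }
        d == "sslcertificatefile"    { cert = $2 }
        d == "sslcertificatekeyfile" { key = $2 }
        d ~ /^<\/virtualhost/ && cert != "" && key != "" { print name, cert, key }
    ' "$1"
}

# Report every pair in a config file; non-zero exit if any pair is bad.
check_vhosts() {
    vhost_pairs "$1" | {
        rc=0
        while read -r name cert key; do
            cert_key_match "$cert" "$key" && st=0 || st=$?
            case $st in
                0) echo "OK         $name" ;;
                1) echo "MISMATCH   $name: $cert does not match $key"; rc=1 ;;
                *) echo "UNREADABLE $name: $cert or $key"; rc=1 ;;
            esac
        done
        [ "$rc" -eq 0 ]
    }
}

# Usage: sh check_vhosts.sh path/to/vhosts.conf
if [ "$#" -gt 0 ]; then check_vhosts "$1"; fi
```

Run it as a user that can read the key files; a vhost reported as MISMATCH is the one to fix before restarting Apache.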