LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices



Reply
 
Search this Thread
Old 04-04-2012, 09:31 AM   #1
mwjones
LQ Newbie
 
Registered: Mar 2010
Posts: 22

Rep: Reputation: 0
Unhappy VirtualHost SSL subdomains with Apache2 on Debian?


I purchased a wildcard SSL cert through my DNS registrar, gandi.net. The cert works great on a straight domain (e.g. https://example.com); but I am having trouble setting up subdomains.

The subdomain I'm trying to set up is just x.example.com. The response from https://x.example.com in the web browser is host not found. But remember that https://example.com works perfectly.

Here is my config from the file /etc/apache2/sites-enabled/example.com:

Code:
NameVirtualHost *:80
NameVirtualHost *:443


<VirtualHost *:80>
ServerName www.example.com
ServerAlias example.com *.example.com
ServerAdmin mwjones@example.com
DocumentRoot /home/mwjones/www/example.com
<Directory />
        Options FollowSymLinks
        AllowOverride AuthConfig
</Directory>

<Directory /home/mwjones/www/example.com>
        Options -Indexes FollowSymLinks MultiViews
        AllowOverride Authconfig
        Order allow,deny
        allow from all
</Directory>

ErrorLog /var/log/apache2/example.com_error.log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
CustomLog /var/log/apache2/example.com_access.log combined
ServerSignature On
</VirtualHost>

<VirtualHost *:443>
ServerName www.example.com
ServerAlias example.com *.example.com
ServerAdmin mwjones@example.com
DocumentRoot /home/mwjones/www/example.com
<Directory />
    Options FollowSymLinks
    AllowOverride AuthConfig
</Directory>

<Directory /home/mwjones/www/example.com>
    Options -Indexes FollowSymLinks MultiViews
    AllowOverride Authconfig
    Order allow,deny
    allow from all
</Directory>

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache2/ssl/cert-example.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/mwjones.key
SSLCertificateChainFile /etc/apache2/ssl/GandiStandardSSLCA.pem
SSLVerifyClient None

ErrorLog /var/log/apache2/example.com-ssl_error.log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
CustomLog /var/log/apache2/example.com-ssl_access.log combined
ServerSignature On
</VirtualHost>

<VirtualHost *:443>
ServerName x.example.com
DocumentRoot /home/mwjones/www/example.com/x

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache2/ssl/cert-example.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/example.com.key
SSLCertificateChainFile /etc/apache2/ssl/GandiStandardSSLCA.pem
SSLVerifyClient None

ErrorLog /var/log/apache2/example.com_x-ssl_error.log
LogLevel debug
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
CustomLog /var/log/apache2/example.com_x-ssl_access.log combined
ServerSignature On
</VirtualHost>
The access log is empty, but here are the contents of /var/log/apache2/example.com_x-ssl_error.log with its LogLevel set to debug:

Code:
[Wed Apr 04 09:25:12 2012] [info] Loading certificate & private key of SSL-aware server
[Wed Apr 04 09:25:12 2012] [debug] ssl_engine_pphrase.c(470): unencrypted RSA private key - pass phrase not required
[Wed Apr 04 09:25:25 2012] [info] Configuring server for SSL protocol
[Wed Apr 04 09:25:25 2012] [debug] ssl_engine_init.c(465): Creating new SSL context (protocols: SSLv3, TLSv1)
[Wed Apr 04 09:25:25 2012] [debug] ssl_engine_init.c(664): Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[Wed Apr 04 09:25:25 2012] [debug] ssl_engine_init.c(748): Configuring server certificate chain (1 CA certificate)
[Wed Apr 04 09:25:25 2012] [debug] ssl_engine_init.c(420): Configuring TLS extension handling
[Wed Apr 04 09:25:25 2012] [debug] ssl_engine_init.c(795): Configuring RSA server certificate
[Wed Apr 04 09:25:25 2012] [debug] ssl_engine_init.c(834): Configuring RSA server private key
[Wed Apr 04 09:25:25 2012] [info] Loading certificate & private key of SSL-aware server
[Wed Apr 04 09:25:25 2012] [debug] ssl_engine_pphrase.c(470): unencrypted RSA private key - pass phrase not required
[Wed Apr 04 09:25:25 2012] [info] Configuring server for SSL protocol
[Wed Apr 04 09:25:25 2012] [debug] ssl_engine_init.c(465): Creating new SSL context (protocols: SSLv3, TLSv1)
[Wed Apr 04 09:25:25 2012] [debug] ssl_engine_init.c(664): Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[Wed Apr 04 09:25:25 2012] [debug] ssl_engine_init.c(748): Configuring server certificate chain (1 CA certificate)
[Wed Apr 04 09:25:25 2012] [debug] ssl_engine_init.c(420): Configuring TLS extension handling
[Wed Apr 04 09:25:25 2012] [debug] ssl_engine_init.c(795): Configuring RSA server certificate
[Wed Apr 04 09:25:25 2012] [debug] ssl_engine_init.c(834): Configuring RSA server private key
What am I missing and how do I fix this?
 
Old 04-04-2012, 10:41 AM   #2
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6
Posts: 1,602

Rep: Reputation: 483Reputation: 483Reputation: 483Reputation: 483Reputation: 483
I've never done anything with wildcard domains but you could try defining your site x.example.com BEFORE your wildcarded *.example.com
 
Old 04-04-2012, 11:27 AM   #3
mwjones
LQ Newbie
 
Registered: Mar 2010
Posts: 22

Original Poster
Rep: Reputation: 0
Thanks for the suggestion; unfortunately it had no effect. The results were the same.
 
Old 04-04-2012, 11:37 AM   #4
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6
Posts: 1,602

Rep: Reputation: 483Reputation: 483Reputation: 483Reputation: 483Reputation: 483
Did you try temporarily taking out the *.domain.com ServerAlias? I'm also assuming that you have the correct DNS entry for x.domain.com in place?
 
1 members found this post helpful.
Old 04-04-2012, 11:55 AM   #5
mwjones
LQ Newbie
 
Registered: Mar 2010
Posts: 22

Original Poster
Rep: Reputation: 0
Thanks for mentioning that, it was a bind issue. I added the following record and it fixed the problem:

Code:
x       IN      A       1.2.3.4
Thanks again
 
Old 04-04-2012, 11:56 AM   #6
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6
Posts: 1,602

Rep: Reputation: 483Reputation: 483Reputation: 483Reputation: 483Reputation: 483
Quote:
Originally Posted by mwjones View Post
Thanks again
You're welcome, glad you got sorted.
 
  


Reply

Tags
apache2, debian, ssl, subdomain, virtualhost


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Debian SSL + apache2 jef3189 Linux - Server 1 01-27-2009 10:31 PM
Fast subdomains in VirtualHost - how? Tomek58 Linux - Server 1 12-31-2008 10:18 AM
Apache2 VirtualHost and SSL Alfar Linux - Server 2 10-20-2007 02:10 AM
Apache VirtualHost, multiple domains and subdomains chrisfx Linux - Networking 2 08-10-2004 03:58 PM
Debian Woody - Apache2 w SSL claeseke Linux - Software 1 08-13-2003 05:24 AM


All times are GMT -5. The time now is 07:56 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration