LinuxQuestions.org
Old 06-30-2020, 07:03 AM   #1
espenbo
LQ Newbie
 
Registered: Jun 2020
Posts: 3

Rep: Reputation: Disabled
Apache2 Virtual domain servers and different certificates from Let's Encrypt


Nextcloud version _(eg, 18.0.2)_: 18.06
Operating system and version _(eg, Ubuntu 20.04)_: debian 10.4
Apache or nginx version _(eg, Apache 2.4.25)_: Apache/2.4.38 (Debian)
PHP version _(eg, 7.1)_: php 7.3

The issue you are facing:
I have made a domain with some sub domains.

But when I try to go to https://www.stormautomasjon.no or https://svn.stormautomasjon.no

the certificate from cloud.stormautomasjon.no is used.


Hello

I have made a domain with some sub domains.
But when I try to go to https://www.stormautomasjon.no or https://svn.stormautomasjon.no
the certificate from cloud.stormautomasjon.no is used.


stormautomasjon.no
www.stormautomasjon.no
cloud.stormautomasjon.no
svn.stormautomasjon.no
graf.stormautomasjon.no

Code:
/etc/apache2/sites-enabled$ ls
000-stormautomasjon.conf
000-stormautomasjon-ssl.conf
001-nextcloud.conf
001-nextcloud-ssl.conf
002-svn-stormautomasjon.conf
002-svn-stormautomasjon-ssl.conf
003-graf-stormautomasjon.conf
My config files
Code:
cat 000-stormautomasjon-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:433>
  Servername stormautomasjon.no
  ServerAlias www.stormautomasjon.no
  ServerAdmin ***
  DocumentRoot /var/www/stormautomasjon
  ErrorLog /var/log/apache2/stormautomasjon_error.log
  CustomLog /var/log/apache2/stormautomasjon.access.log combined
  <Directory "/var/www/stormautomasjon">
  allow from all
  Options None
  Require all granted
  </Directory>
  SSLEngine on
   Include /etc/letsencrypt/options-ssl-apache.conf
  # Lets encrypt keys
  SSLCertificateFile /etc/letsencrypt/live/www.stormautomasjon.no/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/www.stormautomasjon.no/privkey.pem
</VirtualHost>
</IfModule>
Code:
cat 001-nextcloud-ssl.conf
<IfModule mod_ssl.c>
  <VirtualHost *:443>
  Protocols h2 h2c http/1.1
  ServerAdmin ***
  ServerName cloud.stormautomasjon.no
  DocumentRoot "/var/www/nextcloud"
     Alias /nextcloud "/var/html/nextcloud/"
  <IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
  Header set Referrer-Policy "strict-origin-when-cross-origin"
  Header set X-Content-Type-Options "nosniff"
  # Header always set X-Frame-Options "SAMEORIGIN"
  </IfModule>
  SSLEngine on
  Include /etc/letsencrypt/options-ssl-apache.conf
  <Directory "/var/www/nextcloud/">
  # Options Indexes MultiViews FollowSymlinks
  Options +FollowSymlinks
  AllowOverride All
  Order allow,deny
  Allow from all
  <IfModule mod_dav.c>
  Dav off
  </IfModule>
  </Directory>
  TransferLog /var/log/apache2/nextcloud_access.log
  ErrorLog /var/log/apache2/nextcloud_error.log
   # Lets encrypt keys
   SSLCertificateFile /etc/letsencrypt/live/cloud.stormautomasjon.no/fullchain.pem
   SSLCertificateKeyFile /etc/letsencrypt/live/cloud.stormautomasjon.no/privkey.pem
   BrowserMatch "MSIE [2-6]" \
     nokeepalive ssl-unclean-shutdown \
     downgrade-1.0 force-response-1.0
  </VirtualHost>
</IfModule>

Code:
cat 002-svn-stormautomasjon-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:433>
  ServerName svn.stormautomasjon.no
  ServerAdmin ***
  DocumentRoot /var/www/svn/
  ErrorLog ${APACHE_LOG_DIR}/svn_stormautomasjon_ssl_error.log
  CustomLog ${APACHE_LOG_DIR}/svn_stormautomasjonssl_access.log combined
   SSLEngine on
   Include /etc/letsencrypt/options-ssl-apache.conf
  # Lets encrypt keys
  SSLCertificateFile /etc/letsencrypt/live/svn.stormautomasjon.no/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/svn.stormautomasjon.no/privkey.pem
</VirtualHost>
</IfModule>
Code:
cat 003-graf-stormautomasjon.conf
<VirtualHost *:80>
   ServerName graf.stormautomasjon.no
  ServerAdmin ***
  ErrorLog ${APACHE_LOG_DIR}/graf_error.log
  CustomLog ${APACHE_LOG_DIR}/graf_access.log combined
  Redirect / https://graf.stormautomasjon.no
</VirtualHost>
<IfModule mod_ssl.c>
  <VirtualHost *:443>
  Protocols h2 h2c http/1.1
  ServerAdmin ekb@stormelektro.no
  ServerName graf.stormautomasjon.no
  ServerSignature Off
  <IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15768000; preload"
  Header set Referrer-Policy "strict-origin-when-cross-origin"
  Header set X-Content-Type-Options "nosniff"
  </IfModule>
  SSLEngine on
  Include /etc/letsencrypt/options-ssl-apache.conf
  ErrorLog ${APACHE_LOG_DIR}/graf_error.log
  CustomLog ${APACHE_LOG_DIR}/graf_access.log combined
  ProxyPreserveHost On
  ProxyPass / http://localhost:3000/
  ProxyPassReverse / http://localhost:3000/
SSLCertificateFile /etc/letsencrypt/live/graf.stormautomasjon.no/fullchain.pem
   SSLCertificateKeyFile /etc/letsencrypt/live/graf.stormautomasjon.no/privkey.pem
  </VirtualHost>
</IfModule>
I have made all the certificates on Let's encrypt
Code:
/etc/letsencrypt/live$ ls -R
.:

cloud.stormautomasjon.no  graf.stormautomasjon.no  README  stormautomasjon.no  svn.stormautomasjon.no  www.stormautomasjon.no

./cloud.stormautomasjon.no:
cert.pem  chain.pem  fullchain.pem  privkey.pem  README

./graf.stormautomasjon.no:
cert.pem  chain.pem  fullchain.pem  privkey.pem  README

./stormautomasjon.no:
cert.pem  chain.pem  fullchain.pem  privkey.pem  README

./svn.stormautomasjon.no:
cert.pem  chain.pem  fullchain.pem  privkey.pem  README

./www.stormautomasjon.no:
cert.pem  chain.pem  fullchain.pem  privkey.pem  README
Can anybody see why the webservers only find the certificate from cloud.stormautomasjon.no?

Thanks for your help

Espen

Last edited by espenbo; 06-30-2020 at 12:02 PM. Reason: removed mail address
 
Old 06-30-2020, 09:55 AM   #2
espenbo
LQ Newbie
 
Registered: Jun 2020
Posts: 3

Original Poster
Rep: Reputation: Disabled
Maybe it's something in

<code>
/var/log/apache2# cat /etc/letsencrypt/options-ssl-apache.conf
# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file.

SSLEngine on

# Intermediate configuration, tweak to your needs
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on
SSLCompression off

SSLOptions +StrictRequire

# Add vhost name to log entries:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common

#CustomLog /var/log/apache2/access.log vhost_combined
#LogLevel warn
#ErrorLog /var/log/apache2/error.log

# Always ensure Cookies have "Secure" set (JAH 2012/1)
#Header edit Set-Cookie (?i)^(.*)(;\s*secure)??((\s*;)?(.*)) "$1; Secure$3$4"
root@stormautomasjon:/var/log/apache2#
</code>

I can't find anything

Espen
 
Old 06-30-2020, 09:58 AM   #3
tinfoil3d
Member
 
Registered: Apr 2020
Location: Japan/RJCC
Distribution: debian, lfs, whatever else i need in qemu
Posts: 195

Rep: Reputation: Disabled
So much personal info here. Maybe you'd edit it out?
As for the issue, did you actually reload/restart apache and verify it's running with new configs and all configs test okay?
Code:
apache2ctl -S
 
1 members found this post helpful.
Old 06-30-2020, 12:05 PM   #4
espenbo
LQ Newbie
 
Registered: Jun 2020
Posts: 3

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by tinfoil3d
So much personal info here. Maybe you'd edit it out?
As for the issue, did you actually reload/restart apache and verify it's running with new configs and all configs test okay?
Code:
apache2ctl -S
Hello
Thank you. I found it. I had replaced the *:443 with *:433
So I was using the wrong port number.

Espen
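
An offline check for the mistake found in this thread, as an added example (not code from the thread): it parses vhost files, lists SSL vhosts bound to a port Apache is not listening on, and shows which vhost answers a given hostname on 443. The file names, the example.test hostnames and the Listen 80/443 default are assumptions, and the address part of `<VirtualHost>` is treated as a wildcard.

```python
import re
from fnmatch import fnmatch

# Constructed sample (placeholder names, not the poster's files): two SSL
# vhosts typed as *:433 and one on *:443, keyed by file name.
SAMPLE = {
    "000-site-ssl.conf": "<VirtualHost *:433>\nServerName example.test\n"
                         "ServerAlias www.example.test\nSSLEngine on\n</VirtualHost>\n",
    "001-cloud-ssl.conf": "<VirtualHost *:443>\nServerName cloud.example.test\n"
                          "SSLEngine on\n</VirtualHost>\n",
    "002-svn-ssl.conf": "<VirtualHost *:433>\nServerName svn.example.test\n"
                        "SSLEngine on\n</VirtualHost>\n",
}

def parse_vhosts(configs):
    """Parse <VirtualHost> blocks in file-name order, as sites-enabled is loaded."""
    vhosts, cur = [], None
    for fname in sorted(configs):
        for line in map(str.strip, configs[fname].splitlines()):
            parts = line.split()
            if not parts or line.startswith("#"):
                continue
            key = parts[0].lower()
            if key.startswith("<virtualhost"):
                m = re.match(r"<VirtualHost\s+\S*?:(\d+)[\s>]", line, re.I)
                cur = {"file": fname, "port": int(m.group(1)) if m else None,
                       "names": [], "ssl": False}
            elif cur is None:
                continue
            elif key.startswith("</virtualhost"):
                vhosts.append(cur)
                cur = None
            elif key in ("servername", "serveralias"):
                cur["names"] += [p.lower() for p in parts[1:]]
            elif key == "sslengine":
                cur["ssl"] = [p.lower() for p in parts[1:2]] == ["on"]
    return vhosts

def served_by(vhosts, host, port):
    """First vhost on the port that names the host, else the port's first vhost."""
    on_port = [v for v in vhosts if v["port"] == port]
    for v in on_port:
        if any(fnmatch(host.lower(), n) for n in v["names"]):
            return v["file"]
    return on_port[0]["file"] if on_port else None

def unreachable_ssl(vhosts, listen_ports=(80, 443)):
    """SSL vhosts on a port outside listen_ports (assumed Listen 80 and 443)."""
    return [(v["file"], v["port"]) for v in vhosts
            if v["ssl"] and v["port"] not in listen_ports]
```

With the sample, `served_by(parse_vhosts(SAMPLE), "www.example.test", 443)` returns the cloud vhost's file, which is the same fallback that made the cloud certificate appear for every name in the thread.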
 
  

