[SOLVED] Multiple SSL wildcards on 1 IP

Issue

Currently my server has 1 website running on https/ssl. The thing is when I enable a second vhost, also with https/ssl, the first website I have running is now using the ssl cert of the new website.

I have tried putting the two websites in a single vhost file, didn't work so I made 2 seperate files instead.

Here are my vhost config files:

(Naming them websiteZ and website Y because of alphabetical order they are in)

vhost current running website .conf

<VirtualHost *:80>
ServerAlias *.websiteZ.nl
Redirect 301 / https://websiteZ.nl
</VirtualHost>

NameVirtualHost *:443

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName www.websiteZ.nl
    DocumentRoot "/var/www/html/websites/websiteZ.nl/public"
    <Directory "/var/www/html/websites/websiteZ.nl/public">
        Require all granted
        Options Includes FollowSymLinks
        AllowOverride All
        Order allow,deny   
        Allow from all
    </Directory>
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/websiteZ.nl/certificate.crt
    SSLCertificateKeyFile /etc/apache2/ssl/websiteZ.nl/certificate.key
    SSLCertificateChainFile /etc/apache2/ssl/websiteZ.nl/cabundle.crt 
</VirtualHost>
</IfModule>

new website with ssl .conf

<VirtualHost *:80>
    ServerName websiteY.nl
    ServerAlias www.websiteY.nl
    RewriteEngine On
    RewriteCond %{SERVER_PORT} !443
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
    RewriteRule ^(/(.*))?$ https://%{HTTP_HOST}/$1 [R=301,L]
    DocumentRoot "/var/www/html/websites/websiteY.nl/public/"
    <Directory "/var/www/html/websites/websiteY.nl/public/">
        Require all granted
        Options Includes FollowSymLinks
        AllowOverride All
        Order allow,deny   
        Allow from all
    </Directory>
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName www.websiteY.nl
    DocumentRoot "/var/www/html/websites/websiteY.nl/public"
    <Directory "/var/www/html/websites/websiteY.nl/public">
        Require all granted
        Options Includes FollowSymLinks
        AllowOverride All
        Order allow,deny   
        Allow from all
    </Directory>
SSLStrictSNIVHostCheck on
   SSLEngine On
   SSLCertificateFile /etc/apache2/ssl/websiteY.nl/certificate.crt
   SSLCertificateKeyFile /etc/apache2/ssl/websiteY.nl/certificate.key
   SSLCertificateChainFile /etc/apache2/ssl/websiteY.nl/cabundle.crt
</VirtualHost>
</IfModule>

ports.conf

NameVirtualHost *:80
NameVirtualHost *:443

Listen 80

<IfModule mod_ssl.c>
    Listen 443
</IfModule>

<IfModule ssl_module>
        Listen 443
</IfModule>

<IfModule mod_gnutls.c>
        Listen 443
</IfModule>

I looked up the SNI thing, but I think I'm missing something. The way I understand it is that I have to use NameVirtualHost to make it work.

The server is running on AWS ece2 with Ubuntu 16.04.2

The problem occurs when I type in terminal:

a2ensite websiteY.conf

When I do that websiteZ will lose it's https cert and will show a big red cross which says: NOT SECURE! When you click to proceed it links to websiteY

I am a little bit out of options, can someone help me out? Thanks!

Solution

When you enter www.websiteZ.nl without https, the request will first be caught by

<VirtualHost *:80>
ServerAlias *.websiteZ.nl
Redirect 301 / https://websiteZ.nl
</VirtualHost>

and therefore redirected to https://websiteZ.nl

Since none of your :443 Virtual Hosts has neither ServerName or ServerAlias configured with websiteZ.nl, then the one from alphabetically first .conf file will be used, which is in this case the one with websiteY cert.

Answered By - Dusan Bajic

Answer Checked By - David Goodson (WPSolving Volunteer)