How Do I Enable My Ubuntu Server To Host Various SSL-Enabled Websites?

Posted by Andy Ibanez on Server Fault
Published on 2013-11-07T01:57:40Z

Actually, I have looked around for a few hours now, but I can't get this to work. The main problem I'm having is that only one out of two sites works.

I have my website which will mostly be used for an app. It's called atajosapp.com.

atajosapp.com will have three main sites:

  • www.atajosapp.com <- Homepage for the app.
  • auth.atajosapp.com <- Login endpoint for my API (needs SSL)
  • api.atajosapp.com <- Main endpoint for my API (needs SSL).

If you attempt to access api.atajosapp.com it works. It will throw you a 403 error and a JSON output, but that's fully intentional.

If you try to access auth.atajosapp.com however, the site simply doesn't load. Chrome complains with:

The webpage at https://auth.atajosapp.com/ might be temporarily down or it may have moved permanently to a new web address. Error code: ERR_TUNNEL_CONNECTION_FAILED

But the website IS there.

If you try to access www.atajosapp.com or any other HTTP site, it connects fine. It just doesn't like dealing with more than one HTTPS website, it seems.

The VirtualHost for api.atajosapp.com looks like this:

<VirtualHost *:443>
    DocumentRoot /var/www/api.atajosapp.com
    ServerName api.atajosapp.com
    SSLEngine on
    SSLCertificateFile /certificates/STAR_atajosapp_com.crt
    SSLCertificateKeyFile /certificates/star_atajosapp_com.key
    SSLCertificateChainFile /certificates/PositiveSSLCA2.crt
</VirtualHost>

auth.atajosapp.com looks very similar:

<VirtualHost *:443>
    DocumentRoot /var/www/auth.atajosapp.com
    ServerName auth.atajosapp.com
    SSLEngine on
    SSLCertificateFile /certificates/STAR_atajosapp_com.crt
    SSLCertificateKeyFile /certificates/star_atajosapp_com.key
    SSLCertificateChainFile /certificates/PositiveSSLCA2.crt
</VirtualHost>

Now I have found many websites that talk about possible solutions. At first, I was getting a message like this:

_default_ VirtualHost overlap on port 443, the first has precedence

But after googling for hours, I managed to solve it by editing both apache2.conf and ports.conf. This is the last thing I added to ports.conf:

<IfModule mod_ssl.c>
NameVirtualHost *:443
    # SSL name based virtual hosts are not yet supported, therefore no
    # NameVirtualHost statement here
    NameVirtualHost *:443
    Listen 443
</IfModule>

Still, right now only api.atajosapp.com and www.atajosapp.com are working. I still can't access auth.atajosapp.com. When I check the error log, I see this:

Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)

I don't know what else to do to make both sites work fine on this. I purchased a Wildcard SSL certificate from Comodo that supposedly secures *.atajosapp.com, so after hours trying and googling, I don't know what's wrong anymore.

Any help will be really appreciated.

EDIT: I just ran the apachectl -t -D DUMP_VHOSTS command and this is the output. Can't make much sense of it...:

root@atajosapp:/# apachectl -t -D DUMP_VHOSTS
apache2: Could not reliably determine the server's fully qualified domain name, using atajosapp.com for ServerName
[Thu Nov 07 02:01:24 2013] [warn] NameVirtualHost *:443 has no VirtualHosts
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:443                  is a NameVirtualHost
         default server api.atajosapp.com (/etc/apache2/sites-enabled/api.atajosapp.com:1)
         port 443 namevhost api.atajosapp.com (/etc/apache2/sites-enabled/api.atajosapp.com:1)
         port 443 namevhost auth.atajosapp.com (/etc/apache2/sites-enabled/auth.atajosapp.com:1)
*:80                   is a NameVirtualHost
         default server atajosapp.com (/etc/apache2/sites-enabled/000-default:1)
         port 80 namevhost atajosapp.com (/etc/apache2/sites-enabled/000-default:1)
