Home / Questions / 52950
Accepted
Ivan Botero
Asked: 2020-03-04 07:25:47 +0800 CST 2020-03-04 07:25:47 +0800 CST

Configure multiple <virtualhost> with the same SSL Certificate - Apache

  • 772

I was configuring a couple of domains that share the same SSL certificate, that the content will be in different folders and obviously that everything will be on the same server.

My domains are:

example.com (For the Website)

api.example.com (For the Web Service)

I got the SSL Certificate with Let's Encrypt (free) .

The certificate was generated for both domains, therefore it could be placed in the same directory.

/etc/apache2/ssl/example.com/

Later I made the respective configurations in the Apache sites directory.

/etc/apache2/sites-available/

Also, perform the activation of the sites:

a2ensite example.com

a2ensite api.example.com

The structure of the website is:

-> /var/www/
       -> website/
       -> api/

These are the settings:

/etc/apache2/sites-available/example.com

<VirtualHost *:80>

    ServerName  example.com
    DocumentRoot    /var/www/website/

    LogLevel debug
    ErrorLog ${APACHE_LOG_DIR}/example.com/error.log

        <Directory "/var/www/website/">
                Options FollowSymLinks
                AllowOverride None
        </Directory>

</VirtualHost>

<VirtualHost *:443>

    ServerName  example.com
    DocumentRoot    /var/www/website/

    LogLevel debug
    ErrorLog ${APACHE_LOG_DIR}/example.com/error_ssl.log

    SSLEngine on
    SSLCertificateKeyFile   /etc/apache2/ssl/example.com/privkey.pem
    SSLCertificateFile      /etc/apache2/ssl/example.com/cert.pem
    SSLCertificateChainFile /etc/apache2/ssl/example.com/chain.pem

        <Directory "/var/www/website/">
                Options FollowSymLinks
                AllowOverride None
        </Directory>

</VirtualHost>

/etc/apache2/sites-available/api.example.com

<VirtualHost *:80>

    ServerName  api.example.com
    DocumentRoot    /var/www/api/

    #RewriteEngine On
    #RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]

        <Directory "/var/www/api/">
                Options FollowSymLinks
                AllowOverride None
        </Directory>

</VirtualHost>

<VirtualHost *:443>

    ServerName  api.example.com
    DocumentRoot    /var/www/api/

    LogLevel warn
    ErrorLog ${APACHE_LOG_DIR}/error.log

    SSLEngine on
    SSLCertificateKeyFile   /etc/apache2/ssl/example.com/privkey.pem
    SSLCertificateFile      /etc/apache2/ssl/example.com/cert.pem
    SSLCertificateChainFile /etc/apache2/ssl/example.com/chain.pem

        <Directory "/var/www/api/">
                Options FollowSymLinks
                AllowOverride None
        </Directory>

</VirtualHost>

The drawback is:

When I access the site example.comin the browser, the content that it has is opened api.example.com.

This gives rise to my question:

How can we configure several sites using the same SSL Certificate?

apache

1 Answers

  1. Best Answer

    I share my solution.

    After a bit of searching about this requirement I found this Apache parameter.

    SSLStrictSNIVHostCheck

    Which gives us to know a term regarding the Apache.

    SNI

    Server Name Indication

    According to an internet reference, I quote:

    SNI allows the client, before encrypting the connection, to send the server the name of the domain it wishes to access. [1]

    This means that we must enable SNIour server to serve multiple subdomains using the same SSL Certificate.

    How do we do it?

    The first thing to do is modify the following file:

    /etc/apache2/httpd.conf

    And in it we add the following:

    SSLStrictSNIVHostCheck on

    Afterwards, the file is edited:

    /etc/apache2/ports.conf

    And in it we add the following instruction:

    NameVirtualHost *:443

<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 443
</IfModule>

    The instruction NameVirtualHost *:443is more necessary to add, since what is below it, is usually the default in the configuration of ports.conf.

    Finally, we save and restart Apache.

    /etc/init.d/apache2 restart

    After this, the subdomains allow their use independently and using the same SSL Certificate.

    Update

    The directive ServerNameindicates one of the server names that can be used in the virtualhost, but we can use another directive, which can be useful if there are multiple domains that use the same content.

    ServerAliases

    Leaving our configuration like this.

    ServerName    example.com
ServerAlias   www.example.com
ServerAlias   sitio.example.com

    Allowing the same configuration to example.combe used by other sites.

    • 6