httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Filipe Cifali <cifali.fil...@gmail.com>
Subject Re: [users@httpd] LetsEncrypt.org with Virtual Hosting
Date Tue, 14 Jun 2016 19:15:36 GMT
Your are probably hitting the wrong cert file, check with:

openssl s_client -connect example.info:443

You can also try to disable the first SSL and check if you hit the right
one after.

On Tue, Jun 14, 2016 at 4:08 PM, <rich.greder@hushmail.com> wrote:

> For some time, I have been hosting about 10 sites unencrypted.  But since
> people other than just myself will be using my squirrelmail, I decided to
> encrypt my server.  I had delayed it simply because keys are too expensive
> to buy, but now I learned about LetsEncrypt.org and have been working in
> that direction.
>
> So far, I moved two websites over to this server, example.com and
> example.info.  My first test of the LetsEncrypt software was of the form
> of:
>
> # letsencrypt-auto -apache -d example.com
>
> but I ran into a caveat with www.example.com not being accepted.  I
> decided to re-run with the other domain included as well, so I did the
> remaining three combinations:
>
> #letsencrypt-auto -apache -d www.example.com -d example.info -d
> www.example.info
>
> The conf files for the sites are fairly straight-forward in my mind.
> There are four of them:
>
> #/etc/apache2/sites-available/80-example.com
> <IfModule mod_ssl.c>
> <VirtualHost *:80>
> ServerAdmin webmaster@localhost
> DocumentRoot /var/www/example.com/public_html/
> ErrorLog ${APACHE_LOG_DIR}/error.log
> CustomLog ${APACHE_LOG_DIR}/access.log combined
> ServerName example.com
> ServerAlias www.example.com
> </VirtualHost>
> </IfModule>
>
> #/etc/apache2/sites-available/443-example.com
> <IfModule mod_ssl.c>
> <VirtualHost *:443>
> ServerAdmin webmaster@example.com
> DocumentRoot /var/www/example.com/public_html/
> ErrorLog ${APACHE_LOG_DIR}/error.log
> CustomLog ${APACHE_LOG_DIR}/access.log combined
> SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
> SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
> Include /etc/letsencrypt/options-ssl-apache.conf
> ServerName example.com
> ServerAlias www.example.com
> </VirtualHost>
> </IfModule>
>
> #/etc/apache2/sites-available/80-example.info
> <IfModule mod_ssl.c>
> <VirtualHost *:80>
> ServerAdmin webmaster@localhost
> DocumentRoot /var/www/example.info/public_html/
> ErrorLog ${APACHE_LOG_DIR}/error.log
> CustomLog ${APACHE_LOG_DIR}/access.log combined
> ServerName example.info
> ServerAlias www.example.info
> </VirtualHost>
> </IfModule>
>
> #/etc/apache2/sites-available/443-example.info
> <IfModule mod_ssl.c>
> <VirtualHost *:443>
> ServerAdmin webmaster@example.info
> DocumentRoot /var/www/example.info/public_html/
> ErrorLog ${APACHE_LOG_DIR}/error.log
> CustomLog ${APACHE_LOG_DIR}/access.log combined
> SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
> SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
> Include /etc/letsencrypt/options-ssl-apache.conf
> ServerName example.info
> ServerAlias www.example.info
> </VirtualHost>
>
> Notice that SSLCertificateFile and SSLCertificateKeyFile are the same for
> both of the domains, because they use the same key of example.com.  The
> website, example.com works perfectly fine.  But example.info has serious
> problems (On the order of NET::ERR_CERT_COMMON_NAME_INVALID).  Who has an
> idea on how to fix this?  I can't experiment too much because I'm limited
> to 5 keys per week so learning this myself is a very slow-track process.
>
> There are a number of HOWTO documents out there, but there is very wide
> variance in their steps that I have little confidence in them, but have
> chosen one and decided to try at it.  Once I get this established, I
> promise to write a blog article explaining the procedure a little bit better
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>


-- 
[ ]'s

Filipe Cifali Stangler

Mime
View raw message