Problems with SSL websites

Hello, I'm posting here becase the automatic ticket service is temporary out of service.

I have some website hosted on my Virtualmin server. Only three sites have SSL enabled and work fine, but now i can't enable SSL website on another domain hosted because, if I do it, apache shows up a wrong website content. In detail: I have https://mail.santostefanodicamastra.eu that works fine, but, if I enable SSL on gestione.societaoperaia.it, when I try to access in https://mail.santostefanodicamastra.eu/ I can see in my browser that is effectively showed the content of https://gestione.societaoperaia.it (with warning and certification error). At this time my only temporary solution is to disable SSL on gestione.societaoperaia.it , but what is the right way to resolve this problem ?

Thanks.

Best Regards, Dario.

Status: 
Active

Comments

Assigned: ยป Unassigned

Hmm, just to verify -- is "mail.santostefanodicamastra.eu" setup as a Virtual Server on your system? Normally that wouldn't be... it's just a DNS alias that points to your main server.

I'm wondering if it was working in the past, just because a different Virtual Server happened to be the default for that IP address.

One other troubleshooting step -- after enabling SSL for that site, what is the output of this command:

grep :443 /etc/apache2/sites-enabled/*.conf

That will show us if there any any IP address related configuration problems that are causing that.

Yes! The problem is an IP related configuration:

grep :443 /etc/apache2/sites-enabled/*.conf

/etc/apache2/sites-enabled/algostudio.it.conf: < VirtualHost 149.202.103.2:443 >

/etc/apache2/sites-enabled/mail.santostefanodicamastra.eu.conf: < VirtualHost *:443 >

in the first line of grep output there is the result of enabling SSL on a "new" site. In the second line an "old" site with SSL enabled with * instead of IP. The problem is that now, if I turn on SSL in any domain, I can see always the IP address bonded with port 443. (but only with port 443, port 80 is always with *) Why ???

Thanks, Dario.

Okay, just to make sure we have the right solution here -- should both of those SSL certs be on the same IP address? Or are they on different IP's? That is, should they be both on "149.202.103.2"?

Yes, both SSL sites are on the same IP, but generally I have two public IP on this server and sometimes I need to change some virtualhost IP. However, in the example reported above, the two sites are configured to share the same IP (the main IP of the server shared by default with all virtualhosts).

Thank you very much for your help.

Okay, here's what I recommend then.

If you edit "/etc/apache2/sites-enabled/mail.santostefanodicamastra.eu.conf", change the "VirtualHost line for the SSL block (probably halfway down the file) from this:

<VirtualHost *:443>

To this:

<VirtualHost 149.202.103.2:443>

After doing that, restart Apache, and see if SSL for both sites works properly now.

Yes, I have already done this. But the problem is that If I create a new virtual host (or If I enable SSL on existing virtualhost) I have to do this manually everytime. Why Virtualmin don't do it automatically? Why the problem is related only to port 443? (port 80 works fine). There is a way to fix it ? (I have this virtualmin installation in production from more than a year, but I never had this problem until now.)

Thanks!!!

It should be using x.x.x.x:443 for SSL in new domains.

What are you saying the VirtualHost line looks like for newly setup sites with SSL, is it using the asterisk?

Oh, sorry! There is a misunderstanding. Any new SSL site looks like as < VirtualHost x.x.x.x:443 >, but it don't works properly! In order to have it working, I have to change it in < VirtualHost *:443 >. If I don't do this change, Apache serves a wrong website.

Put any SSL sites like < VirtualHost x.x.x.x:443 > could be the solution ?

Thanks.

That could happen if other SSL websites are still using an asterisk. Once they're all converted to use x.x.x.x:443, they should all work properly.

Does this issue still occur after they've all been changed to x.x.x.x:443 though?

If so, what is the output of this command:

/sbin/ifconfig

Yes, I can confirm that all works properly when any SSL sites looks like < VirtualHost X.X.X.X:443 > . But, I can't explain why I had three virtualhost that looks like < Virtualhost *:443>. However, I'm absolutely sure that no change has been made manually in apache conf files until now. For any unknown reason virtualmin generated (in past) some apache .conf files with *:443 instead x.x.x.x:443 .

Could be useful to investigate over ? Or it can be considered solved ?