user5366090

SSL Certificate error in Apache 2.4

I am running two websites on an Apache 2.4 web server. It is configured with name-based vhosts, and each site has its own wildcard SSL certificate (*.site1.com and *.site2.com) issued by GoDaddy. Everything is working fine. When I access the websites through their subdomains www.site1.com and www.site2.com, it works fine. Apache has a rewrite rule to redirect HTTP to HTTPS, so both websites are redirecting perfectly.

Now the problem is that when I redirect the root domain to www, site2.com gives me an error.

Error code: ssl_error_bad_cert_domain

site2.com uses an invalid security certificate. 
The certificate is only valid for the following names: 
*.site1.com, site1.com 

Httpd configuration of site1.com

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R]
# Redirect root domain to www
RewriteCond %{HTTP_HOST} ^site1\.com$ [NC]
RewriteRule ^(.*)$ https://www.site1.com/$1 [R=301,L]

<VirtualHost *:443>
ServerName www.site1.com
DocumentRoot /var/www/html/site1/public/
SSLEngine On
SSLCertificateFile /etc/pki/tls/certs/site1/site1.crt
SSLCertificateKeyFile /etc/pki/tls/private/site1/site1.key
SSLCertificateChainFile /etc/pki/tls/certs/site1/gd_site1.crt
Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>

Httpd Configuration for site2.com

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R]
# Redirect root domain to www
RewriteCond %{HTTP_HOST} ^site2\.com$ [NC]
RewriteRule ^(.*)$ https://www.site2.com/$1 [R=301,L]

<VirtualHost *:443>
ServerName www.site2.com
DocumentRoot /var/www/html/site2/public/
SSLEngine On
SSLCertificateFile /etc/pki/tls/certs/site2/site2.crt
SSLCertificateKeyFile /etc/pki/tls/private/site2/site2.key
SSLCertificateChainFile /etc/pki/tls/certs/site2/gd_site2.crt
Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>

How to resolve this issue?

Upvotes: 0

Views: 1859

Answers (1)

covener

Reputation: 17872

You are obviously getting site1's certificate for https://site2.com. That means you're hitting the first virtual host, not the second.

You just need ServerAlias site2.com in the 2nd virtual host. It is currently only handling www.site2.com, so the first listed virtual host (which implicitly is the catch-all) is used for the cert prior to the redirect.

Upvotes: 0
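The vhost fallback described in the answer, as an added example that is not part of the original question or answer: a simplified Python model of name-based vhost selection plus the browser's certificate name check. The dictionaries are constructed from the posted configuration, and the name list for site2's certificate is an assumption mirroring the names the error message shows for site1.

```python
# Simplified model: which vhost answers a TLS request, and does its cert fit?
# Sample data is constructed from the configuration quoted in the question.
from fnmatch import fnmatchcase

def select_vhost(vhosts, host):
    """Return the vhost whose ServerName or ServerAlias matches host;
    otherwise the first listed vhost, which acts as the default."""
    host = host.lower()
    for vh in vhosts:
        if vh["server_name"].lower() == host:
            return vh
        # ServerAlias may contain wildcards such as *.example.com
        if any(fnmatchcase(host, a.lower()) for a in vh.get("aliases", [])):
            return vh
    return vhosts[0]

def cert_covers(cert_names, host):
    """Browser-style name check: a leading '*.' stands for exactly one
    label, so '*.site2.com' does not cover the bare 'site2.com'."""
    host = host.lower()
    for name in (n.lower() for n in cert_names):
        if name == host:
            return True
        if name.startswith("*.") and "." in host:
            if host.split(".", 1)[1] == name[2:]:
                return True
    return False

def handshake(vhosts, host):
    """Return (ServerName of the vhost that answers, certificate valid?)."""
    vh = select_vhost(vhosts, host)
    return vh["server_name"], cert_covers(vh["cert_names"], host)

SITE1 = {"server_name": "www.site1.com",
         "cert_names": ["*.site1.com", "site1.com"]}  # names from the error text
# Assumption: site2's certificate also lists the bare domain, as site1's does.
SITE2 = {"server_name": "www.site2.com",
         "cert_names": ["*.site2.com", "site2.com"]}
AS_POSTED = [SITE1, SITE2]
WITH_ALIAS = [SITE1, {**SITE2, "aliases": ["site2.com"]}]

if __name__ == "__main__":
    for label, cfg in (("as posted", AS_POSTED), ("with ServerAlias", WITH_ALIAS)):
        for host in ("www.site2.com", "site2.com"):
            print(f"{label:17} {host:14} -> {handshake(cfg, host)}")
```

If site2's certificate carried only `*.site2.com`, the alias would route the request to the right vhost but the name check would still fail, so confirm the certificate's subject alternative names include the bare domain.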
