Apache delivering wrong SSL-Cert


I have a server which is running Debian 8.1 with Apache 2.4.10 and OpenSSL 1.0.1k. I have a domain example.com with a few subdomains like www.example.com, cloud.example.com and db.example.com, all pointed to the server (A records). All these subdomains have their own VirtualHosts with their own SSL certificates. Also, if you send an HTTPS request with another domain or with the IP, you'll get a page with a self-signed certificate. Everything was running perfectly until I rebooted my server. Now when I request example.com (without a subdomain prefix) I get the self-signed crt. The subdomains are working perfectly fine. I have the following vHost configs:

(because I only want HTTPS I have a Rewrite-Rule for all HTTP-Connections)

000-default.conf

<VirtualHost *:80>
    ServerAdmin [email protected]
    RewriteEngine On
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
    ErrorLog ${APACHE_LOG_DIR}/error.log
    # Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin [email protected]
    DocumentRoot /var/www

    <Directory /var/www>
            AllowOverride All
            Require all granted
    </Directory>

    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
    ErrorLog ${APACHE_LOG_DIR}/error.ssl.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.ssl.log combined
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/default/ca.crt
    SSLCertificateKeyFile /etc/ssl/certs/default/ca.key
</VirtualHost>
</IfModule>

www.example.com.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin [email protected]
    ServerName www.example.com
    ServerAlias example.com
    DocumentRoot /var/www/example
    <Directory /var/www/example>
            AllowOverride All
            Require all granted
    </Directory>
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
    ErrorLog ${APACHE_LOG_DIR}/error.ssl.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.ssl.log combined
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/www.example.com/ca.crt
    SSLCertificateKeyFile /etc/ssl/certs/www.example.com/ca.key
    SSLCertificateChainFile /etc/ssl/certs/www.example.com/sub.class1.server.ca.pem
    SSLCACertificateFile /etc/ssl/certs/www.example.com/ca.pem
</VirtualHost>
</IfModule>

cloud.example.com.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin [email protected]
    ServerName cloud.example.com
    DocumentRoot /var/www/example
    <Directory /var/www/example>
            AllowOverride All
            Require all granted
    </Directory>
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
    ErrorLog ${APACHE_LOG_DIR}/error.ssl.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.ssl.log combined
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/www.example.com/ca.crt
    SSLCertificateKeyFile /etc/ssl/certs/www.example.com/ca.key
    SSLCertificateChainFile /etc/ssl/certs/www.example.com/sub.class1.server.ca.pem
    SSLCACertificateFile /etc/ssl/certs/www.example.com/ca.pem
</VirtualHost>
</IfModule>

I really hope that somebody can help me!

2

There are 2 answers

0
HaehnleinMar On

The hostname was example (like the domain, but without .com) so I changed the hostname to some random typing and after a reboot everything worked fine again. When I changed my hostname back it kept working even after a reboot.

0
nurb On

For me, changing the order of the VirtualHosts helped to solve the problem, by putting the malfunctioning VirtualHost at the top of the conf file.
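
A model of the behaviour both answers touch on, as an added example that is not code from either poster: Apache gives a name-based VirtualHost with no ServerName a name derived from the system hostname, and serves the first VirtualHost in load order whose ServerName or ServerAlias matches the requested name. The vhost list mirrors the question's three `*:443` blocks; that the hostname resolved to `example.com` is an assumption, and `randomhost.invalid` is a constructed placeholder.

```python
from fnmatch import fnmatch

# Constructed model of the question's *:443 vhosts, in Apache load order
# (000-default.conf sorts first). name=None means no ServerName directive.
VHOSTS = [
    {"file": "000-default.conf", "name": None, "aliases": [],
     "cert": "/etc/ssl/certs/default/ca.crt"},
    {"file": "www.example.com.conf", "name": "www.example.com",
     "aliases": ["example.com"], "cert": "/etc/ssl/certs/www.example.com/ca.crt"},
    {"file": "cloud.example.com.conf", "name": "cloud.example.com",
     "aliases": [], "cert": "/etc/ssl/certs/www.example.com/ca.crt"},
]

def effective_names(vhost, system_fqdn):
    """Names a vhost answers to; a missing ServerName falls back to the
    FQDN Apache derives from the system hostname (assumed value here)."""
    primary = (vhost["name"] or system_fqdn).lower()
    return [primary] + [a.lower() for a in vhost["aliases"]]

def select_vhost(sni, vhosts, system_fqdn):
    """First vhost in load order whose ServerName/ServerAlias matches the
    requested name; if none match, the first vhost listed is the default."""
    sni = sni.lower()
    for vh in vhosts:
        if any(fnmatch(sni, n) for n in effective_names(vh, system_fqdn)):
            return vh
    return vhosts[0]

def shadowed_names(vhosts, system_fqdn):
    """(name, declaring file, serving file) for every declared name that
    an earlier vhost captures, i.e. the wrong certificate is presented."""
    out = []
    for vh in vhosts:
        for n in effective_names(vh, system_fqdn):
            if "*" in n or "?" in n:
                continue  # wildcard aliases have no single name to probe
            winner = select_vhost(n, vhosts, system_fqdn)
            if winner is not vh:
                out.append((n, vh["file"], winner["file"]))
    return out

if __name__ == "__main__":
    for fqdn in ("example.com", "randomhost.invalid"):  # constructed hostnames
        served = select_vhost("example.com", VHOSTS, fqdn)
        print(fqdn, "->", served["file"], served["cert"], shadowed_names(VHOSTS, fqdn))
```

On the real server, `apache2ctl -S` prints the vhost order and names Apache actually resolved, and giving the default VirtualHost an explicit ServerName that is not a served domain removes the dependence on the system hostname.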