I've got three virtualhosts enabled
- 000-default.conf (*:80) => supposed to be default for everything not in any other vhost
- domain.conf (*:80 redirects to https) => ServerAlias domain.local
- domain-le-ssl.conf (*:443)(made by certbot) => ServerAlias domain.local
My situation is that I can access my web server with the IP address and get to the root in 000-default.conf but if I try any other domain like example1.local, it goes to https and throws an SSL certificate error and thus I conclude it uses the domain.conf virtual host.
How can I make sure 000-default.conf also catches ServerNames not in other virtual hosts?
What I've tried:
In 000-default.conf
VirtualHost _default_:80>
ServerAlias *
My three virtual hosts:
<VirtualHost _default_:80>
ServerAlias *
ServerAdmin webmaster@localhost
DocumentRoot /var/www/dir1
<Directory /var/www/dir1>
AuthType basic
AuthName "Please login."
AuthUserFile /etc/apache2/apache.htpasswd
Require valid-user
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName www.example.be
ServerAlias example.be
ServerAdmin webmaster@localhost
DocumentRoot /var/www/example
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.be
RewriteRule ^ https://www.%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName example.be
ServerAlias www.example.be
ServerAdmin webmaster@localhost
DocumentRoot /var/www/example
SSLCertificateFile /etc/letsencrypt/live/www.example.be/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.example.be/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/www.example.be/chain.pem
</VirtualHost>
</IfModule>
Best Answer
If you only want the SSL VirtualHost to be used on one domain, set the
ServerName
andServerAlias
directives accordingly. Anything that doesn't match will then fall through to the default VirtualHost. For clarity, you may also want to numerically identify the order of your configuration files.Note: if any traffic arrives on the port configured in the SSL VirtualHost, it will always be served as HTTPS, and will display certificate errors if the hostname does not match the certificate.
For example:
000-default.conf
001-domain.conf
002-domain-ssl.conf