Apache ServerName not in any virtual host but still get’s redirected to https

I've got three virtualhosts enabled

000-default.conf (*:80) => supposed to be default for everything not in any other vhost
domain.conf (*:80 redirects to https) => ServerAlias domain.local
domain-le-ssl.conf (*:443)(made by certbot) => ServerAlias domain.local

My situation is that I can access my web server with the IP address and get to the root in 000-default.conf but if I try any other domain like example1.local, it goes to https and throws an SSL certificate error and thus I conclude it uses the domain.conf virtual host.

How can I make sure 000-default.conf also catches ServerNames not in other virtual hosts?

What I've tried:
In 000-default.conf

VirtualHost _default_:80>

ServerAlias *

My three virtual hosts:

<VirtualHost _default_:80>
    ServerAlias *
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/dir1
    <Directory /var/www/dir1>
    AuthType basic
    AuthName "Please login."
    AuthUserFile /etc/apache2/apache.htpasswd
    Require valid-user
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:80>
    ServerName www.example.be
    ServerAlias example.be
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/example
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.be
RewriteRule ^ https://www.%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName example.be
    ServerAlias www.example.be
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/example
SSLCertificateFile /etc/letsencrypt/live/www.example.be/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.example.be/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/www.example.be/chain.pem
</VirtualHost>
</IfModule>

Best Answer

If you only want the SSL VirtualHost to be used on one domain, set the ServerName and ServerAlias directives accordingly. Anything that doesn't match will then fall through to the default VirtualHost. For clarity, you may also want to numerically identify the order of your configuration files.

Note: if any traffic arrives on the port configured in the SSL VirtualHost, it will always be served as HTTPS, and will display certificate errors if the hostname does not match the certificate.

For example:

000-default.conf

<VirtualHost *:80>
  ServerName myserver.example.local
  ServerAlias example.local
  DocumentRoot /var/www/default

  ...

</VirtualHost>

001-domain.conf

<VirtualHost *:80>
  ServerName www.example.com
  ServerAlias example.com
  Redirect permanent / https://www.domain.com/

  ...

</VirtualHost>

002-domain-ssl.conf

<VirtualHost *:443>
  ServerName www.example.com
  ServerAlias example.com
  DocumentRoot /var/www/example.com

  ...

</VirtualHost>

Best Answer

Related Solutions

Ssl – ServerAlias without www not working on SSL virtualhost

Apache2 uses http instead of https, despite LetsEncrypt

Related Topic