I'm having issues with my VirtualHost configurations on my server. My server is running Ubuntu 14.04.5 LTS (GNU/Linux 4.4.0-31-generic x86_64), with Apache/2.4.7 (Ubuntu).
I've done a lot of reading on Apache and SNI from other threads on here, but I haven't been able to resolve my specific issue.
I have several VirtualHosts configured from different domains, each with their own SSL certificates, like the following:
<VirtualHost *:80>
    ServerAdmin admin@mydomain.com
    ServerName mydomain.com
    ServerAlias www.mydomain.com
    DocumentRoot /home/user/mydomain.com/public_html
    ErrorLog /home/user/mydomain.com/logs/error.log
    CustomLog /home/user/mydomain.com/logs/access.log combined
</VirtualHost>
<VirtualHost *:443>
    ServerAdmin admin@mydomain.com
    ServerName mydomain.com
    ServerAlias www.mydomain.com
    DocumentRoot /home/user/mydomain.com/public_html
    ErrorLog /home/user/mydomain.com/logs/error.log
    CustomLog /home/user/mydomain.com/logs/access.log combined
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/mydomain.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/mydomain.com.key
    SSLCACertificateFile /etc/apache2/ssl/mydomain.com.root.crt
    SSLCertificateChainFile /etc/apache2/ssl/mydomain.com.chain.crt
</VirtualHost>
<VirtualHost *:80>
    ServerAdmin admin@otherdomain.com
    ServerName otherdomain.com
    ServerAlias www.otherdomain.com
    DocumentRoot /home/user/otherdomain.com/public_html
    ErrorLog /home/user/otherdomain.com/logs/error.log
    CustomLog /home/user/otherdomain.com/logs/access.log combined
</VirtualHost>
<VirtualHost *:443>
    ServerAdmin admin@otherdomain.com
    ServerName otherdomain.com
    ServerAlias www.otherdomain.com
    DocumentRoot /home/user/otherdomain.com/public_html
    ErrorLog /home/user/otherdomain.com/logs/error.log
    CustomLog /home/user/otherdomain.com/logs/access.log combined
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/otherdomain.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/otherdomain.com.key
    SSLCACertificateFile /etc/apache2/ssl/otherdomain.com.root.crt
    SSLCertificateChainFile /etc/apache2/ssl/otherdomain.com.chain.crt
</VirtualHost>
This works fine most of the time, for most browsers; however, every now and then on specific devices or at random times, when I try to go to "otherdomain.com", it tries to grab the SSL certificate of "mydomain.com", which gives a phishing / bad certificate error.
I read that SNI might be the solution, so I added the following to my Apache configuration:
<IfModule mod_ssl.c>
    NameVirtualHost *:443
    Listen 443
</IfModule>
However, it also appears that in my version of Apache (2.4) that feature has been phased out, which is confirmed whenever I restart Apache:
# service apache2 restart
* Restarting web server apache2
AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/ports.conf:17
It also doesn't appear to have corrected the issue; I still receive that error. I am able to replicate this problem every time by using an old BlackBerry.
With the exception of having to get a unique IP address for each VirtualHost using SSL, what are my options to resolve this issue?
Also my example only shows 2 domains, however I actually have 5 domains set up with their own SSL certificates. They all grab the first domain's SSL certificate when I'm able to replicate the issue.
Greatly appreciate any assistance.
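Whether a client gets the right certificate here depends on whether its first TLS message (the ClientHello) carries a server_name extension. The following Python is an added example, not part of the original post: it parses a ClientHello for SNI and applies a simplified model of name-based selection in which a client without SNI falls back to the first listed virtual host. The names `VHOSTS`, `client_hello`, `sni_from_client_hello` and `vhost_for` are hypothetical, and the ClientHello bytes are constructed for the example.

```python
import struct

# ServerName values in the order the question's config lists its vhosts
VHOSTS = ["mydomain.com", "otherdomain.com"]

def client_hello(host=None):
    """Build a constructed, minimal ClientHello record; host=None omits SNI."""
    ext = b""
    if host is not None:
        name = host.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name  # name_type 0 = host_name
        sni = struct.pack("!H", len(entry)) + entry             # server_name_list
        ext = struct.pack("!HH", 0, len(sni)) + sni             # extension type 0
        ext = struct.pack("!H", len(ext)) + ext                 # extensions block length
    # client_version, random, empty session_id, one cipher suite, null compression
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\xc0\x2f" + b"\x01\x00" + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def sni_from_client_hello(rec):
    """Return the host_name in the server_name extension, or None if absent."""
    if len(rec) < 9 or rec[0] != 0x16 or rec[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    end = 5 + struct.unpack("!H", rec[3:5])[0]
    if end > len(rec):
        raise ValueError("truncated record")
    try:
        p = 9 + 2 + 32                                   # headers, version, random
        p += 1 + rec[p]                                  # session_id
        p += 2 + struct.unpack("!H", rec[p:p + 2])[0]    # cipher_suites
        p += 1 + rec[p]                                  # compression_methods
        if p + 2 > end:
            return None                                  # no extensions at all
        ext_end = min(end, p + 2 + struct.unpack("!H", rec[p:p + 2])[0])
        p += 2
        while p + 4 <= ext_end:
            etype, elen = struct.unpack("!HH", rec[p:p + 4])
            if etype == 0:                               # server_name
                nlen = struct.unpack("!H", rec[p + 7:p + 9])[0]
                return rec[p + 9:p + 9 + nlen].decode("ascii").lower()
            p += 4 + elen
        return None
    except (IndexError, struct.error):
        raise ValueError("malformed ClientHello") from None

def vhost_for(rec):
    """Simplified model: match SNI to a ServerName, else the first vhost."""
    sni = sni_from_client_hello(rec)
    return sni if sni in VHOSTS else VHOSTS[0]
```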
Best Answer
Name-based virtual hosts are not being phased out. The NameVirtualHost setting is being removed because it is redundant. The rest of the configuration will contain enough information for Apache to know whether that setting would have to be enabled or not.
Also, SNI is not a setting which you can turn on or off on the server side. Either the client supports it and sends the SNI field in the very first message sent to the server, or the client does not support it, and there is nothing the server can do about that.
Your options are: