I have an apache 2.4 webserver running on Ubuntu 14.04 LTS.
Is it possible to enable SSL only for a single VirtualHost and leaving the other VirtualHosts unaffected (including the default one)?
For example, in my web server I have this sites running over HTTP:
000-default.conf
hello.com.conf
welcome.com.conf
secure.com.conf
I don't have default-ssl.conf enabled.
Now I want to run secure.com.conf under HTTPS (:443) so I enabled the ssl plugin with a2enmod ssl and changed the VHost configuration in this way:
<VirtualHost *:443>
ServerName www.secure.com
...
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.secure.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.secure.com/privkey.pem
</VirtualHost>
Anyway, when I restart apache with service apache2 restart it fails and says:
[ssl:emerg] AH02240: Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)
[ssl:emerg] AH02312: Fatal error initialising mod_ssl, exiting.
EDIT:
By adding SSLCertificateChainFile to the configuration I managed to start the webserver…
Anyway, if I try to load (just for testing) https://hello.com, apache now wants to serve it and all the other VirtualHosts with the secure.com certificate and of course the browser gives the error: NET::ERR_CERT_COMMON_NAME_INVALID
Best Answer
The error seems to indicate that the letsencrypt certificate is not available at the location of SSLCertificateFile. Without a certificate, the server cannot serve SSL. Did you install the letsencrypt setup correctly? Usually there is a snakeoil self-encrypted certificate in your /etc/ssl/certs and /etc/ssl/private paths. You could use that for testing purposes: the server will run fine, but the browser will complain.