Ssl – Apache 2.4 SSL _default_ overriding virtualhost

apache-2.4 ssl virtualhost

I have an Apache 2.4 server that I have created a self-signed cert for testing https with a new client site. The problem I'm encountering is that the ssl.conf file's _default_ virtualhost is always loading for my site when I attempt to go to the defined virtualhost I set up in a separate vhosts.conf file.

Could someone please help me understand why the desired virtualhost is never loading and only the default is?

My ssl.conf contents

Listen 443 https

## SSL Global Context
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog

SSLSessionCache         shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout  300

SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin

SSLCryptoDevice builtin

<VirtualHost _default_:443>
  DocumentRoot "/var/www/html"
  ServerName localhost:443

  ErrorLog logs/default_ssl_error_log
  TransferLog logs/default_ssl_access_log
  LogLevel warn

  SSLEngine on
  SSLProtocol all -SSLv2
  SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA

  SSLCertificateFile /etc/pki/tls/certs/localhost.crt
  SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

  <Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
  </Files>
  <Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
  </Directory>

  BrowserMatch "MSIE [2-5]" \
     nokeepalive ssl-unclean-shutdown \
     downgrade-1.0 force-response-1.0

  CustomLog logs/ssl_request_log \
      "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

My virtualhost file content

<VirtualHost demo.ffh.com:443>
  ServerAdmin   skittles@site.com
  ServerName    demo.ffh.com
  DocumentRoot  "/var/www/vhosts/ffh/public"

  RewriteEngine On
  # And THIS doesn't seem to be working at all!
  LogLevel debug rewrite:trace8

  <Directory "/var/www/vhosts/ffh/public/">
    AllowOverride all
    SSLOptions +StdEnvVars
    #Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    Order allow,deny
    Allow from all
    SSLRequireSSL On
  </Directory>

  SSLEngine on

  SSLCertificateKeyFile /etc/httpd/ssl/ssl.key/demo_ffh.key
  SSLCertificateFile    /etc/httpd/ssl/ssl.crt/demo_ffh.crt

  <FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
  </FilesMatch>

  BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

  CustomLog logs/ssl_ffh-access.log combined
  ErrorLog logs/ssl_ffh-error.log
</VirtualHost>

Does anyone see why the vhosts.conf site is being ignored in favor of the default? And how do I fix this? Been banging my head against a wall all day with this.

NOTE: "Probably worth calling out that I have tried the IP address and *:443 in the vhost.conf instead of the domain, but still no love."

Best Answer

I have been having this issue and four solutions were to

  1. change the paths to point at my cert and key (and any other intermediate certs?) directly in the /etc/httpd/conf.d/ssl.conf

This is ok if you have only a single SSL cert for the whole machine.

  2. remove the entire default virtualhost entry from ssl.conf,

This gives me the configuration in ssl.conf and allows me to determine my own VirtualHost entries for multiple SSL certs (if necessary)

  3. put the ssl.conf (alphabetically) after my desired conf file, which I named "vhosts.conf" (I changed ssl.conf to "vv.conf" to test this)

This works as well for multiple SSL certs in my vhosts.conf file, but makes me feel dirty because I'm changing names. I guess one could use the conf.modules.d-meets-sitesenabled syntax of 010-vhosts.conf 020-ssl.conf and feel very slightly less dirty.

  4. put my own cert and key in /etc/pki/tls/certs/localhost.crt and /etc/pki/tls/private/localhost.key

Eh... maybe for some people.. I didn't like that though.
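
Why file order matters in solutions 2 and 3, as an added example that is not part of the original question or answer: a small Python model of how Apache reads `conf.d/*.conf` alphabetically and falls back to the first-listed vhost when no ServerName or ServerAlias matches. The sample files are constructed and trimmed, the function names and `unlisted.example` are hypothetical, and only wildcard (`*` / `_default_`) addresses with exact name matches are modelled.

```python
import re

# Constructed sample files modelled on the question's two configs (bodies trimmed;
# vhosts.conf uses *:443, which the asker says was also tried).
CONF_D = {
    "ssl.conf": """<VirtualHost _default_:443>
  ServerName localhost:443
</VirtualHost>""",
    "vhosts.conf": """<VirtualHost *:443>
  ServerName demo.ffh.com
</VirtualHost>""",
}

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
NAME_RE = re.compile(r"^\s*Server(?:Name|Alias)\s+(.+)$", re.M | re.I)


def load_vhosts(conf_d):
    """Return vhosts in the order a wildcard Include of conf.d/*.conf reads them."""
    vhosts = []
    for fname in sorted(conf_d):  # wildcard includes are processed alphabetically
        for addr, body in VHOST_RE.findall(conf_d[fname]):
            # In 2.4, _default_ is an alias for *, so both land in the same set.
            addr = addr.strip().replace("_default_", "*")
            names = []
            for args in NAME_RE.findall(body):
                names += [n.split(":")[0].lower() for n in args.split()]
            vhosts.append({"file": fname, "addr": addr, "names": names})
    return vhosts


def select_vhost(vhosts, host, addr="*:443"):
    """Name-based selection: exact ServerName/ServerAlias match, else first listed."""
    candidates = [v for v in vhosts if v["addr"] == addr]
    for v in candidates:
        if host.lower() in v["names"]:
            return v
    return candidates[0] if candidates else None


if __name__ == "__main__":
    # Solution 3 from the answer: ssl.conf renamed so it sorts after vhosts.conf.
    renamed = {"vv.conf": CONF_D["ssl.conf"], "vhosts.conf": CONF_D["vhosts.conf"]}
    for label, files in (("original", CONF_D), ("ssl.conf renamed to vv.conf", renamed)):
        vhosts = load_vhosts(files)
        for host in ("demo.ffh.com", "unlisted.example"):
            print(f"{label}: Host {host} -> {select_vhost(vhosts, host)['file']}")
```

On a real server, `httpd -S` prints the parsed virtual host table, including which vhost is the default for each address and port.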
