Ssl – How to configure Apache 2.4.6 for wildcard SSL

apache-2.2 ssl

Apache 2.4.6
Ubuntu 13.10

I'm trying to find out how to configure the above Apache to use a wildcard SSL certificate. So far I have had no luck whatsoever. I either get errors where Apache won't start or I get an SSL error from the browser.

Since upgrading to 2.4.6 I haven't been able to get Apache to start unless I remove the SSL configuration directives.

/etc/apache2/sites-enabled/default-ssl.conf

<VirtualHost _default_:443>
    DocumentRoot /var/www/wiki
    ErrorLog /var/log/apache2/wiki.ssl-error.log
    SSLEngine On
    SSLCertificateFile /etc/ssl/certs/40B75eaaadb70.crt
    SSLCertificateKeyFile /etc/ssl/private/xxx.com.key
    #SSLCACertificateFile /etc/ssl/certs/gd_bundle-g2-g1.crt
</VirtualHost>

<VirtualHost *:443>
    DocumentRoot /var/www/wiki
    ServerName wiki.xxx.com
</VirtualHost>

<VirtualHost *:443>
   DocumentRoot /var/www/assets/itdb
   ServerName assets.xxx.com
</VirtualHost>

<VirtualHost *:443>
   DocumentRoot /var/www/support19
   ServerName support.xxx.com
</VirtualHost>

/etc/apache2/ports.conf

# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default

Listen 80

<IfModule ssl_module>
    Listen 443
</IfModule>

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Errors in error.log

[Wed Jun 18 22:34:44.561219 2014] [ssl:emerg] [pid 2268] AH02312: Fatal error initialising mod_ssl, exiting.
[Wed Jun 18 22:37:17.092027 2014] [mpm_itk:notice] [pid 2321] AH00163: Apache/2.4.6 (Ubuntu) PHP/5.5.3-1ubuntu2.3 OpenSSL/1.0.1e configured -- resuming normal operations
[Wed Jun 18 22:37:17.092162 2014] [core:notice] [pid 2321] AH00094: Command line: '/usr/sbin/apache2'
[Wed Jun 18 22:40:05.230425 2014] [mpm_itk:notice] [pid 2321] AH00169: caught SIGTERM, shutting down
[Wed Jun 18 22:41:55.732150 2014] [ssl:emerg] [pid 2477] AH02240: Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)
[Wed Jun 18 22:41:55.732264 2014] [ssl:emerg] [pid 2477] AH02312: Fatal error initialising mod_ssl, exiting.
[Wed Jun 18 22:49:57.213468 2014] [ssl:emerg] [pid 2520] AH02240: Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)
[Wed Jun 18 22:49:57.213576 2014] [ssl:emerg] [pid 2520] AH02312: Fatal error initialising mod_ssl, exiting.
[Wed Jun 18 22:53:43.883013 2014] [mpm_itk:notice] [pid 2568] AH00163: Apache/2.4.6 (Ubuntu) PHP/5.5.3-1ubuntu2.3 OpenSSL/1.0.1e configured -- resuming normal operations
[Wed Jun 18 22:53:43.883126 2014] [core:notice] [pid 2568] AH00094: Command line: '/usr/sbin/apache2'

I changed the default-ssl.conf file as follows:

<VirtualHost *:443>
    DocumentRoot /var/www/wiki
    ErrorLog /var/log/apache2/wiki.ssl-error.log
    SSLEngine On
    SSLCertificateFile /etc/ssl/certs/40B75eaaadb70.crt
    SSLCertificateKeyFile /etc/ssl/private/xxx.com.key
    ServerName wiki.xxx.com
</VirtualHost>

<VirtualHost assets.xxx.com:443>
    DocumentRoot /var/www/assets
    ServerName assets.xxx.com
    SSLEngine On
    SSLCertificateFile /etc/ssl/certs/40B75eaaadb70.crt
    SSLCertificateKeyFile /etc/ssl/private/xxx.com.key
</VirtualHost>

With the above configuration file the SSL will work, but it seems to ignore the second virtual host. If I use the host support or assets it just shows the support website. I also tried replacing the *:443 and _default_:443 with support.xxx.com, but when I do that I'm back to getting the SSL error in the browser. Thus the only configuration in which I've been able to get SSL working only allows for one site to be displayed. Once again, I'm using a wildcard cert.

Best Answer

Actually, to avoid configuring the SSL bits for all the hosts, you could edit the mods-enabled/ssl.conf file. Any changes you make here should be used for all sites where you enable SSL, as long as you just specify SSLEngine on for all sites.
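The layout the answer describes, written out as an added example that is not part of the original post: the wildcard certificate is declared once at server level and each name-based virtual host only switches SSL on. Paths and host names are taken from the question; the Debian/Ubuntu file layout and the commented chain-file line are assumptions.

```apache
# /etc/apache2/mods-enabled/ssl.conf
# (inside the <IfModule mod_ssl.c> block on Debian/Ubuntu; assumed layout)
# Wildcard certificate and key, declared once at server level so that
# every SSL-enabled virtual host inherits them.
SSLCertificateFile    /etc/ssl/certs/40B75eaaadb70.crt
SSLCertificateKeyFile /etc/ssl/private/xxx.com.key
# Intermediate chain, if the CA supplied one. Apache releases before 2.4.8
# take it through SSLCertificateChainFile (assumption: this is the bundle
# commented out in the question).
# SSLCertificateChainFile /etc/ssl/certs/gd_bundle-g2-g1.crt

# /etc/apache2/sites-enabled/default-ssl.conf
# All hosts use the same *:443 address, so Apache picks the virtual host
# by ServerName. Mixing *:443 with hostname:443 defeats that selection.
# The first block also serves requests whose name matches none of them.
<VirtualHost *:443>
    ServerName wiki.xxx.com
    DocumentRoot /var/www/wiki
    ErrorLog /var/log/apache2/wiki.ssl-error.log
    SSLEngine On
</VirtualHost>

<VirtualHost *:443>
    ServerName assets.xxx.com
    DocumentRoot /var/www/assets/itdb
    SSLEngine On
</VirtualHost>

<VirtualHost *:443>
    ServerName support.xxx.com
    DocumentRoot /var/www/support19
    SSLEngine On
</VirtualHost>
```

Before restarting, `apache2ctl configtest` checks the syntax and `apache2ctl -S` lists which virtual host answers for each name on port 443.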