0

I want to redirect HTTPS connections to my domain towards a unique subdomain using Apache2 reverse proxy. I want all the connections that come to a.example.com to be redirected towards $random$.b.example.com. To generate the random value I have a script running on port 3000, all requests for a.example.com are proxied to my script which sends back a reply to client with the 302 redirect code and the new domain $random$.b.example.com and then all connections towards $random$.b.example.com are supposed to be served normally.

I have key and certificates for a.example.com and $random$.b.example.com (wildcard certificate *.b.example.com). However when my client receives the redirect it throws invalid peer certificate: CertNotValidForName and does not move on to query $random$.b.example.com. What am I doing wrong?

My virtual hosts look like this:

IfModule mod_ssl.c> <VirtualHost *:443> ServerName a.example.com SSLProxyEngine on ProxyPass / http://localhost:3000/ ProxyPassReverse / http://localhost:3000/ ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log vhost_combined SSLEngine on SSLCertificateFile /etc/apache2/ssl/wildcard_domain.pem SSLCertificateKeyFile /etc/apache2/ssl/wildcard_domain.key </VirtualHost> <VirtualHost *:443> ServerAdmin webmaster@localhost ServerName b.example.com ServerAlias *.b.example.com DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log vhost_combined SSLEngine on SSLCertificateFile /etc/apache2/ssl/wildcard_domain.pem SSLCertificateKeyFile /etc/apache2/ssl/wildcard_domain.key <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> Alias /data /path/to/data <Directory /path/to/data> Options Indexes FollowSymLinks AllowOverride All Require all granted </Directory> </VirtualHost> </IfModule>
Improve this question

1 Answer 1

Reset to default
2

The error you get means that the subject alternative names in the certificate do not match the hostname from the URL you visit.

According to your config you seem to use the same certificate both for a.example.com and *.b.example.com. You get this error then because the certificate is not valid for both domains, i.e. you either get the certificate error before the redirect (when visiting a.example.com) or after (when visiting whatever.b.example.com).

The fix is to either use a certificate which covers both names or use two different certificates in your configuration, one for a.example.com and another which covers b.example.com and *.b.example.com. Note that a certificate for *.example.com will cover only a.example.com and b.example.com but not *.b.example.com.

Improve this answer
4
  • I have two different certificates: one for a.example.com and another one for *.b.example.com but how do I combine the two given the configuration above? Commented Jan 4, 2023 at 9:08
  • 1
    @Mnemosyne: if you have two different certificates then set SSLCertificateFile and SSLCertificateKeyFile to the certificate matching the specific VirtualHost instead of using the same certificate for both VirtualHost Commented Jan 4, 2023 at 9:11
  • hello, i changed the certificates in the first VH to match the original domain and i dont get this error anymore. Thank you! My new issue is that the path to get the data is now the new $random$.b.example.com/data instead of a.example.com/data (same IP as a.example.com) but the data is no longer accessible under the new domain. Do you have any idea how to fix this in the Directory directive? Thank you again for any suggestions. Commented Jan 4, 2023 at 13:56
  • 1
    @Mnemosyne: "My new issue ..." - please open a new question for this with all necessary details. From this short comment alone I'm not able to understand the problem. Commented Jan 4, 2023 at 15:04

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.