my ssl certificate only work with 'www.example.com' and not with 'example.com'

Question

I purchased a certificate that is valid for both www.example.com and example.com. My server is working only with "www.example.com" (ssl is working fine) but it is not showing anything at all when I type "example.com" on the browser. Here is my apache file config which basicly is the same virtualHost twice but with different ServerName

Define APACHE_LOG_DIR /var/log/apache2 Define SSLCERTIFICATE /etc/apache2/ssl/mycertificate.crt Define SSLKEY /etc/apache2/ssl/mykey.key <IfModule mod_ssl.c> <VirtualHost *:443> ServerAdmin [email protected] ServerName www.example.com DocumentRoot /var/www/site2/ ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLEngine on SSLCertificateFile ${SSLCERTIFICATE} SSLCertificateKeyFile ${SSLKEY} <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> <Directory /> Options FollowSymLinks AllowOverride All </Directory> <Directory "/var/www/site2"> Options Indexes FollowSymLinks MultiViews AllowOverride All Order Allow,Deny Allow from all </Directory> BrowserMatch "MSIE [2-6]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 # MSIE 7 and newer should be able to use keepalive BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown </VirtualHost> # Same documetn root for example.com (without www) <VirtualHost *:443> ServerAdmin [email protected] ServerName example.com DocumentRoot /var/www/site2/ ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLEngine on SSLCertificateFile ${SSLCERTIFICATE} SSLCertificateKeyFile ${SSLKEY} <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> <Directory /> Options FollowSymLinks AllowOverride All </Directory> <Directory "/var/www/site2"> Options Indexes FollowSymLinks MultiViews AllowOverride All Order Allow,Deny Allow from all </Directory> BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 # MSIE 7 and newer should be able to use keepalive BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown </VirtualHost> </IfModule> 

Aditional Information:

• my site is hosted in a virtual machine in Azure (Ubuntu 14.04 LTS)
• the domain name is from goDaddy
• there is another configuration file for http (port 80)

Answer 1

Since your certificate is valid for both example.com and www.example.com, and both domains are configured to use the same directories, there is no reason that I can see for having them as separate VirtualHosts. I would remove the second VirtualHost and change the first one to look like this:

 <VirtualHost *:443> ServerAdmin [email protected] ServerName www.example.com ServerAlias example.com [the rest of the config should look the same as it does in your post] </VirtualHost> 

Answer 2

the reason why you don't see the version without the www, is because you're using two wildcards for the IP *:443 with two different domain names. Apache simply uses the first one to use the certificate with. From Apache Documentation[1]:

The problem with using named virtual hosts over SSL is that named virtual hosts rely on knowing what hostname is being requested, and the request can't be read until the SSL connection is established. The ordinary behavior, then, is that the SSL connection is set up using the configuration in the default virtual host for the address where the connection was received.

To use a wildcard, you need then one IP per certificate. Each virtual IP will be used by Apache to redirect incoming SSL-encrypted request. To do so:

1. Add a virtual IP to the interface (if we assume it's eth0, add an alias to it)
2. Update the file ports.conf, add two entries:
   • NameVirtualHost IP1:443
   • NameVirtualHost IP2:443

3. Update your vHost to look like this:

   Site with the www
   
   ServerName www.site.com

   Site w/o the www
   
   ServerName site.com

EDIT
You can also redirect all incoming hits from "site.com" to "www.site.com". In order to do so, remove the vHost for site.com and add the following line: ServerAlias site.com

Doing so will instruct Apache to use the same vHost for both domains. If you want to redirect all incoming hits (http://example.com, and http://www.example.com) to the main, secured domain (https://www.example.com), consider adding the following instruction:

RewriteEngine On RewriteCond %{HTTPS} off # Don't put www. here. If it is already there it will be included, if not # the subsequent rule will catch it. RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] RewriteCond %{HTTP_HOST} !^www\. RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301] 

site.com replaced with example.com per Serverfault rules

[1]https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

Answer 3

As you want to use SNI, you must enable it. Check if the

NameVirtualHost *:443

is available somewhere in your configuration

But I think it should be better to add a serverAlias and the same root directory. You can select the difference by mod_rewrite.

Answer 4

Finally I managed by doing like Jenny D suggests and also redirecting from mypage.com to www.mypage.com and changing the 'www' CName in the goDaddy configuration (where my domain stands) to point my azure VM address.

Therefore neither modify the .htaccess nor using SNI was necessary in this case. Not sure if this is the best or ideal configuration but at least is working.