ServerAlias without www not working on SSL virtualhost

Question

I'm moving a site from a server to another, and using its current and still valid SSL certificate. The machine I'm working on is a Ubuntu 14.04 server. I've set up my usual virtual host file, let's call it my_domain.conf. These are its contents:

 #omitting the major/minor signs near VirtualHost VirtualHost *:443 ServerAdmin [email protected] ServerName mydomain.com ServerAlias www.mydomain.com SSLEngine on SSLCertificateFile /etc/ssl/certs/mydomain.com.crt SSLCertificateKeyFile /etc/ssl/private/mydomain.com.key DocumentRoot /var/www/html/mydomain.com/public ErrorLog /var/log/apache2/mydomain-error.log TransferLog /var/log/apache2/mydomain-access.log /VirtualHost 

Now, when I type www.mydomain.com on a browser, the VirtualHost works. But when I type mydomain.com, it doesn't. Both the customer and the webdesigner need it, so I can't avoid it.
I tried

• Swapping ServerName and ServerAlias, and using only ServerName
• Disabling all the other virtualhosts, including default ones
• Adding SSLStrictSNIVHostCheck both on and the off after noticing this line on my general (not site specific) error.log: [ssl:warn] [pid 6558] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)

Nothing changed, and I really can't figure out why this is happening

EDIT: I forgot to add, by "it doesn't work" I mean the virtual host config file is bypassed and the browser takes me to the apache2 default document root

Answer 1

Same here. I gave up trying to make ServerAlias on SSL host. My solution:

VirtualHost *:443 ServerAdmin [email protected] ServerName mydomain.com ... /VirtualHost VirtualHost *:443 ServerAdmin [email protected] ServerName www.mydomain.com ...//same as above /VirtualHost 

I know it's ugly, but it works - no headache.

Answer 2

The message "Name-based SSL virtual hosts only work for clients with TLS server name indication support" refers to a lack of SNI support in the web client (i.e. your browser). In other words, this message generally does not point to an issue with your server setup but rather is just a warning that some browsers will not be able to access the server. For clarity, this is an "information" message only and does not indicate anything is wrong.

Notably, many older browsers do not have SNI support, and as a result cannot negotiate between Subject Alternative Names (SANs) in a multi-domain certificate. For a list of browsers, or just more information, you can do a web search for "SNI support," but, in reality, you would have to have a pretty compelling reason to give up use of a multi-domain certificate just to be compatible with an older browser.

You probably need to up your LogLevel to get more detailed information before anyone can help you find the issue.

Answer 3

I had very similar issue and figured it out using debug log level. I didn't disable defail virtual host definition (ssl.conf). There was no DocumentRoot or ServerName or Alias there but for some reason this configuration was conflicting with my vhost. So to solve it just comment whole default virtual host section:

#<VirtualHost _defaulr_:443> #... #</VirtualHost> 

Copy certificate details to vhost or outside of it (for global usage) and restart apache. It helped for me.

Answer 4

Try with only ServerAlias Like :

ServerAdmin [email protected] ServerAlias example.com ServerAlias www.example.com DocumentRoot /var/www/html/ 

I am currently using this and my sites are working perfectly.