I'm having issues with my VirtualHost configurations on my server. My server is running Ubuntu 14.04.5 LTS (GNU/Linux 4.4.0-31-generic x86_64), with Apache/2.4.7 (Ubuntu).
I've done a lot of reading on Apache and SNI from other threads on here, but I haven't been able to resolve my specific issue.
I have several VirtualHosts configured from different domains, each with their own SSL certificates, like the following:
<VirtualHost *:80> ServerAdmin [email protected] ServerName mydomain.com ServerAlias www.mydomain.com DocumentRoot /home/user/mydomain.com/public_html ErrorLog /home/user/mydomain.com/logs/error.log CustomLog /home/user/mydomain.com/logs/access.log combined </VirtualHost> <VirtualHost *:443> ServerAdmin [email protected] ServerName mydomain.com ServerAlias www.mydomain.com DocumentRoot /home/user/mydomain.com/public_html ErrorLog /home/user/mydomain.com/logs/error.log CustomLog /home/user/mydomain.com/logs/access.log combined SSLEngine on SSLCertificateFile /etc/apache2/ssl/mydomain.com.crt SSLCertificateKeyFile /etc/apache2/ssl/mydomain.com.key SSLCACertificateFile /etc/apache2/ssl/mydomain.com.root.crt SSLCertificateChainFile /etc/apache2/ssl/mydomain.com.chain.crt </VirtualHost> <VirtualHost *:80> ServerAdmin [email protected] ServerName otherdomain.com ServerAlias www.otherdomain.com DocumentRoot /home/user/otherdomain.com/public_html ErrorLog /home/user/otherdomain.com/logs/error.log CustomLog /home/user/otherdomain.com/logs/access.log combined </VirtualHost> <VirtualHost *:443> ServerAdmin [email protected] ServerName otherdomain.com ServerAlias www.otherdomain.com DocumentRoot /home/user/otherdomain.com/public_html ErrorLog /home/user/otherdomain.com/logs/error.log CustomLog /home/user/otherdomain.com/logs/access.log combined SSLEngine on SSLCertificateFile /etc/apache2/ssl/otherdomain.com.crt SSLCertificateKeyFile /etc/apache2/ssl/otherdomain.com.key SSLCACertificateFile /etc/apache2/ssl/otherdomain.com.root.crt SSLCertificateChainFile /etc/apache2/ssl/otherdomain.com.chain.crt </VirtualHost> This works fine most of the time, for most browsers, however ever now and then on specific devices or at random times, when I try to goto "otherdomain.com", it tries to grab the SSL certificate of the "mydomain.com", which gives a phishing / bad certificate error.
I read that SNI might be the solution, so I added the following to my Apache configuration:
<IfModule mod_ssl.c> NameVirtualHost *:443 Listen 443 </IfModule> However it also appears that in my version of Apache (2.4) that feature has been phased out, which is confirmed whenever I restart Apache:
# service apache2 restart * Restarting web server apache2 AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/ports.conf:17 It also doesn't appear to have corrected the issue, I still receive that error. I am able to replicate this problem every time by using an old BlackBerry.
With the exception of having to get a unique IP address for each VirtualHost using SSL, what are my options to resolve this issue?
Also my example only shows 2 domains, however I actually have 5 domains set up with their own SSL certificates. They all grab the first domain's SSL certificate when I'm able to replicate the issue.
Greatly appreciate any assistance.
