Don't have the option "Allow multiple SSL websites on the same IP"

Hi,

I’m trying to set up SSL on multiple websites on the same IP, however when I go to System Settings > Virtualmin Configuration > SSL Settings, I don’t have the option “Allow multiple SSL websites on the same IP”.

Do I need to install another package or module so that the option appears?

Does Virtualmin install Apache with SNI support? Or do I need to reinstall it in order for multiple SSL sites on one IP to work?

Thanks
Jose

*Operating system: Ubuntu Linux 14.04.4,
Webmin version: 1.801,
Virtualmin version: 5.03

Howdy,

Hmm, I don’t believe there is an option to allow multiple SSL websites… that should actually work by default.

Apache will use SNI if more than one is installed on a given IP address.

Let us know if you’re having trouble installing more than one SSL cert though.

-Eric

Hi,

Well, I saw it here https://www.virtualmin.com/node/33407 and in the comments here https://www.virtualmin.com/node/32077, probably an old version of Virtualmin?

…Anyway, yes the problem is that when I go to the HTTPS url of all of my sites they are all getting the SSL cert and the website/content of just one of them let’s call it A. What could be the solution, any ideas?

*I have Virtualmin on a VPS with one IP.

Thanks!

Howdy,

That would be what I’d expect to see, if those particular domains didn’t yet have the SSL feature enabled. If you look in Edit Virtual Server -> Enabled Features, is the SSL website feature enabled?

-Eric

Hi Eric,

Yes, they all have the SSL website feature enabled.

This is part of the Apache error log of website A (the one that I get in all of the other sites):

[Thu Jun 09 05:21:14.549717 2016] [ssl:warn] [pid 2884] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Jun 09 05:21:14.549740 2016] [ssl:warn] [pid 2884] AH01909: RSA certificate configured for DomainA.org:443 does NOT include an ID which matches the server name
[Thu Jun 09 05:21:14.615255 2016] [ssl:warn] [pid 2885] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Jun 09 05:21:14.615282 2016] [ssl:warn] [pid 2885] AH01909: RSA certificate configured for DomainA.org:443 does NOT include an ID which matches the server name

And this one is part of the Apache error log of one of the other websites, let’s call 'em domainB:

[Thu Jun 09 05:13:01.445795 2016] [ssl:warn] [pid 1290] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Jun 09 05:13:01.445834 2016] [ssl:warn] [pid 1290] AH01909: RSA certificate configured for domainB.com:443 does NOT include an ID which matches the server name
[Thu Jun 09 05:13:01.611843 2016] [ssl:warn] [pid 1316] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Jun 09 05:13:01.611870 2016] [ssl:warn] [pid 1316] AH01909: RSA certificate configured for domainB.com:443 does NOT include an ID which matches the server name

Any other ideas?

Thanks in advance

- Jose

I would try the easiest and fastest solution: make a new CSR (be sure of the domain name, etc.) and then reissue a new certificate. Once done, apply them one by one and see if it works.

Hi all,

Well, I went to the .conf file of each site at /etc/apache2/sites-available and it seems there was a misconfiguration on each vhost at 443.

Each of them had something like this:
<VirtualHost 127.0.0.2:443 [IPV6 Address here]:443>

Where, per reference of the site that was working (and Apache docs), it should be:
<VirtualHost *:443>

So I changed to the above variable in all of them and it seems that now all of the sites are working with the correct cert and directing to the correct site.
I hope that fixes it permanently and closes this thread. :)

Any comments or thoughts regarding this would be appreciated.

Thanks!
José

Howdy,

Hmm, that’s an odd one! Virtualmin may be misunderstanding what the primary IP address is. You may want to review Virtualmin Config -> Network Settings to verify that everything in there looks correct.

You may also want to ensure that no other Virtual Hosts are configured to use that particular IP address.

-Eric
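The vhost binding problem found above, and the check for other Virtual Hosts on the same IP suggested in the last reply, can be audited with a short script. This is an added example, not code from any poster or from Virtualmin; the sample config is constructed, and the finding labels are made up for illustration. It relies on Apache's documented matching order: a `*:443` vhost is only considered when no vhost names the exact local address the connection arrived on, and a vhost bound only to a loopback address is never selected for traffic arriving on the public IP.

```python
import ipaddress
import re

# Constructed sample modelled on the thread; 2001:db8::10 is a documentation
# address standing in for the IPv6 address the post elides.
SAMPLE = """\
<VirtualHost *:443>
    ServerName domainA.org
</VirtualHost>
<VirtualHost 127.0.0.2:443 [2001:db8::10]:443>
    ServerName domainB.com
</VirtualHost>
"""
VHOST_RE = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
NAME_RE = re.compile(r"^\s*ServerName\s+(\S+)", re.I)
BIND_RE = re.compile(r"^(\[[^\]]+\]|[^:\s]+)(?::(\S+))?$")  # addr[:port]
WILD = ("*", "_default_")

def parse_vhosts(text):
    """Return [[server_name, [(addr, port), ...]], ...], one entry per block."""
    vhosts, current = [], None
    for line in text.splitlines():
        if m := VHOST_RE.match(line):
            binds = [b.groups() for s in m.group(1).split() if (b := BIND_RE.match(s))]
            vhosts.append(current := [None, binds])
        elif line.strip().lower().startswith("</virtualhost"):
            current = None
        elif current and current[0] is None and (n := NAME_RE.match(line)):
            current[0] = n.group(1)
    return vhosts

def audit(text, port="443"):
    """Flag bindings on `port` that can keep a vhost from ever being selected."""
    vhosts = parse_vhosts(text)
    on_port = lambda p: p in (port, "*", None)  # no port means all ports
    has_wild = any(a in WILD and on_port(p) for _, b in vhosts for a, p in b)
    findings = []
    for name, binds in vhosts:
        for addr, p in binds:
            if not on_port(p) or addr in WILD:
                continue
            try:
                ip = ipaddress.ip_address(addr.strip("[]"))
            except ValueError:
                continue  # hostname in the bind spec: not checked here
            if ip.is_loopback:
                findings.append((name, addr, "loopback"))
            elif has_wild:
                findings.append((name, addr, "mixed-with-wildcard"))
    return findings
```

To run it against a real server, pass the concatenated contents of the enabled site files to `audit()`; an empty list means every 443 vhost uses a consistent binding.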