We have several cloud web servers running on Linode. Ubuntu 14.01
On one of these, when I try to enable SSL on one of the Virtual servers running on this instance, Apache fails to reboot. We get an error that I should have copied but did not… I can force it to happen again if need be…
SET UP:
The main IP for the host/box (shiv.gurudeva.org) itself is 45.56.82.123
This IP also serves as the IP for several domains/virtual servers sharing that same IP
dev.himalayanacademy.com
wiki.hindu.org
eastkauaiwater.org
jnanadana.org
wailuarivernursery.com
We have another virtual server on the same machine, to which, when we set it up, we purchased a second IP so on that same machine, because, three years ago, we wanted and SSL for this domain and it seemed wise to have it on it’s own IP at the time. So:
www.himalayanacademy.com is served from 45.79.88.48
From the same Apache instance.
OK, so far… so good. https was/is working fine on www.himalayanacademy.com from port 443, the other sites did not need encryption.
Recent innovations, Apple’s new mobile rules requiring https for server comms etc. and in order to save money, our business office which also runs some domains at Digital Ocean calls me as says they want to revoke the SSL certs with GoDaddy, get credits and then we buy a 3 year consolidated SSL that can server 10 domains. I say, sure… no problem sounds good, I need encryption at our dev site (dev.himalayanacademy.com) sand box domain anyway, for testing. So far so good, all certs revoked… a new one is issued… I update the certificate/ssl files for www.himalayanacademy.com using VirtualMin Manage SSL certs panel… also goes well paste private, paste cert, add CA chain, reboot apache… https://www.himalayanacademy.com is working from 45.79.88.48:443 on host shiv.gurudeva.org (45.56.82.123)
Now the fun begins: In virtualmin, I go to dev.himalayanacademy.com virtual server --> edit server – check the SSL option (which was off before) and try to save. Ouch! Apache will not reboot, Calls coming in from other offices “Our main site is down! www.himalayanacademy.com”
I go back to VirtualMin, turn off SSL for dev.himalayanacademy.com… try to save… apache will reboot now, but trying to get to www.himalayanacademy.com resolves to some new error… Apache says something about “unable to redirect to template” (Sorry again , my bad… i need to copy these errors!) Now I’m really worried… go to my linode control panel. shut down the server completely, reboot… OK now www.himalayanacademy.com comes up! Whew! I thought I had broken everything.
But wait: new problem:
try this now: http://dev.himalayanacademy.com
is resolving to the DOCROOT for eastkauaiwater.org! which is a different site on the same sharedIP…
And now all my devs around the world and desktop clients that do GET and POST to dev.himalayanacademy.com for various operations (mostly in the mySql databases that are used by all domains) are broken because they cannot reach the API’s in /home/devdomain/public_html/
OK so we have two challenges/questions:
-
How do I fix the mess up with dev.himalayanacademy.com going not resolving to the DOCROOT that is clearly defined in the HTTP.conf… This is Ubuntu, so there are a various *.conf files that are called when Apache boots.
-
is it going to be possible to set SSL, one one of the domains (dev.himalayanacademy.com) on the share IP 45.56.82.123… while at the same time, using the same certificates of a separate domain on the same box using a different IP ? www.himalayanacademy.com at 45.79.88.48?
Our business team runs all their very small but very secure domains (for ecommerce) also on a single shared IP on ubuntu and they say they can set the certs for all of these to the new SSL consolidated certificate (good for 10 domains) and Apache does not complain… admin is adamant that "SSL certicates do not register IPs!)
So, I’m stuck… I need to get dev.himalayanacademy.com back up and resolving to the right home/devdomain/public_html
and, ideally, if possible, set up SSL on that domain as well, using the new consolidated one cert-for-10-sites certificate.
HELP!