Hi all,
I think I’ve messed something up but am struggling to work out where to look to fix it. I’ve set up a new server, and got a Let’s Encrypt https cert installed on the root/default domain. It works just fine on port 443. I’ve also got a separate virtual server set up that’s working just great with its own https from Let’s Encrypt. All good.
The weirdness is that on port 10000 it’s not using the certificate for the main server domain (the default domain), but is instead trying to use the other server’s certificate.
It will be me having tried to simplify some of the Server Templates so we don’t keep having issues with the (useless to us) mail., m., admin., etc. subdomains that are “defaults”… They always cause Let’s Encrypt to fail whenever we set up a new virtual server because we do not use Virtualmin to manage DNS.
I cannot spot what’s not configured right and am looking for advice on where to be looking. The Apache config looks good, to me.
This is the content of the /etc/apache2/sites-available/0-serverurl.com.conf file:
<VirtualHost *:80>
    SuexecUserGroup "#1000" "#1000"
    ServerName serverurl.com
    DocumentRoot /home/serverurl/public_html
    ErrorLog /var/log/virtualmin/serverurl.com_error_log
    CustomLog /var/log/virtualmin/serverurl.com_access_log combined
    ScriptAlias /cgi-bin/ /home/serverurl/cgi-bin/
    DirectoryIndex index.php index.php4 index.php5 index.htm index.html
    <Directory /home/serverurl/public_html>
        Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
        allow from all
        AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
        Require all granted
    </Directory>
    <Directory /home/serverurl/cgi-bin>
        allow from all
        AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
        Require all granted
    </Directory>
    RewriteEngine on
    RewriteCond %{HTTP_HOST} =webmail.serverurl.com
    RewriteRule ^(?!/.well-known)(.*) https://serverurl.com:20000/ [R]
    RewriteCond %{HTTP_HOST} =admin.serverurl.com
    RewriteRule ^(?!/.well-known)(.*) https://serverurl.com:10000/ [R]
    RemoveHandler .php
    RemoveHandler .php7.4
    <FilesMatch \.php$>
        SetHandler proxy:unix:/var/php-fpm/165606723442032.sock|fcgi://localhost
    </FilesMatch>
    RedirectMatch ^/(?!.well-known)(.*)$ https://serverurl.com/$1
</VirtualHost>
<VirtualHost *:443>
    SuexecUserGroup "#1000" "#1000"
    ServerName serverurl.com
    DocumentRoot /home/server34/public_html
    ErrorLog /var/log/virtualmin/serverurl.com_error_log
    CustomLog /var/log/virtualmin/serverurl.com_access_log combined
    ScriptAlias /cgi-bin/ /home/server34/cgi-bin/
    DirectoryIndex index.php index.php4 index.php5 index.htm index.html
    <Directory /home/serverurl/public_html>
        Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
        allow from all
        AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
        Require all granted
    </Directory>
    <Directory /home/serverurl/cgi-bin>
        allow from all
        AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
        Require all granted
    </Directory>
    RewriteEngine on
    RewriteCond %{HTTP_HOST} =webmail.serverurl.com
    RewriteRule ^(?!/.well-known)(.*) https://serverurl.com:20000/ [R]
    RewriteCond %{HTTP_HOST} =admin.serverurl.com
    RewriteRule ^(?!/.well-known)(.*) https://serverurl.com:10000/ [R]
    RemoveHandler .php
    RemoveHandler .php7.4
    SSLEngine on
    SSLCertificateFile /etc/ssl/virtualmin/165606723442032/ssl.cert
    SSLCertificateKeyFile /etc/ssl/virtualmin/165606723442032/ssl.key
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    <FilesMatch \.php$>
        SetHandler proxy:unix:/var/php-fpm/165606723442032.sock|fcgi://localhost
    </FilesMatch>
    SSLCACertificateFile /etc/ssl/virtualmin/165606723442032/ssl.ca
</VirtualHost>
You can see that it should be serving /etc/ssl/virtualmin/165606723442032/ssl.cert
But on port 10000 it actually serves a different certificate belonging to the other virtual server on the system.
I have a feeling I’m looking in the wrong place given that Apache here is only looking at :80 and :443 … but I’m stuck on where else to be searching.
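A way to check the hunch in the last paragraph, as an added example that is not part of the original post: it parses Apache vhost blocks and reports which certificate files Apache could present on a given port. The helper names (`parse_vhosts`, `certs_for_port`) and the trimmed sample config are constructed for illustration.

```python
import re

# Constructed sample: the posted file trimmed to the directives that pick a cert.
SAMPLE_CONF = """\
<VirtualHost *:80>
    ServerName serverurl.com
</VirtualHost>
<VirtualHost *:443>
    ServerName serverurl.com
    SSLCertificateFile /etc/ssl/virtualmin/165606723442032/ssl.cert
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"</VirtualHost\s*>", re.I)
DIRECTIVE = re.compile(r"(\w+)\s+(.+)")
WANTED = ("servername", "sslcertificatefile")

def addr_port(addr):
    """Port of a VirtualHost address, or '*' when it matches any port."""
    _, sep, port = addr.rpartition(":")
    return port if sep and port.isdigit() else "*"

def parse_vhosts(conf_text):
    """Return one dict per <VirtualHost> block: ports plus WANTED directives."""
    vhosts, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        opened = VHOST_OPEN.match(line)
        if opened:
            current = {"ports": {addr_port(a) for a in opened.group(1).split()}}
        elif VHOST_CLOSE.match(line) and current is not None:
            vhosts.append(current)
            current = None
        elif current is not None and not line.startswith("#"):
            m = DIRECTIVE.match(line)
            if m and m.group(1).lower() in WANTED:
                current[m.group(1).lower()] = m.group(2).strip('"')
    return vhosts

def certs_for_port(vhosts, port):
    """Certificate files these vhosts could present on the given port."""
    return sorted({v["sslcertificatefile"] for v in vhosts
                   if "sslcertificatefile" in v
                   and (str(port) in v["ports"] or "*" in v["ports"])})

if __name__ == "__main__":
    for p in (443, 10000):
        print(p, certs_for_port(parse_vhosts(SAMPLE_CONF), p))
```

Fed the concatenated contents of every enabled site file, an empty list for a port means none of those Apache vhosts covers it, so the certificate presented there is chosen by the configuration of whatever service listens on that port.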