I wonder what the "best" and recommended method is for setting up SSL domains on a single IP, where there are redirects from :80 to :443. This was not entirely covered here, because I need those redirects (https://httpd.apache.org/docs/2.4/vhosts/name-based.html)
Domains are defined in DNS and all are redirecting to the same IP:
- Set 1: example1.com and example1.org (they share the same documentroot).
- Set 2: example2.com and example2.info (they also share another documentroot).
I have a lot of trouble setting this up in a way that they are on a single IP address. The idea is to first define normal :80 virtual servers, which catch the http:// protocol and redirect to https://. Then the proper configuration is defined as a whole in *:443 as a name-based virtual host. However, I would like to have some 'default' dummy virtual host, which will have an empty page in its own plain documentroot, and only when a request is to a specific domain (like in set 1 or set 2) should the whole virtual host for that specific domain be loaded. I decided not to use Rewrites, because simple redirects are recommended for such a task. Using redirects worked well for a single domain only in my case.
My setup is the following:
```apache
<VirtualHost *:80>
    ServerName example1.com
    Redirect / https://example1.com
</VirtualHost>
<VirtualHost *:80>
    ServerName example1.org
    Redirect / https://example1.org
</VirtualHost>
<VirtualHost *:443>
    ServerName example1.com
    DocumentRoot .......
    .......
</VirtualHost>
<VirtualHost *:443>
    ServerName example1.org
    DocumentRoot .......
    .......
</VirtualHost>
<VirtualHost *:443>
    ServerName example2.com
    DocumentRoot .......
    .......
</VirtualHost>
<VirtualHost *:443>
    ServerName example2.info
    DocumentRoot .......
    .......
</VirtualHost>
```
One problem with this setup is that it does not work. Another problem is that it repeats itself lots of times. I think I need to configure something like this (pseudoconfig):
```
dummy configuration, catch for example pure IP requests, etc.

<Virtualdomain for example1.com and .org>
    if there is http requested, redirect to https
    and for both domains define the same setup
    defined documentroot, all logs and certs for this domains, etc.

<AnotherVirtual for example2 .com and .info>
    here again - if http is requested, move to https
    common documentroot, logs, etc.
```
I think somebody skilled in redirects can handle this or maybe there is some preferred way which I overlooked.
EDIT: OK, now the configuration has been tested out and I'm certain that I know what I have. And unfortunately it doesn't work.
I issued SSL certs for each site using acme.sh, by typing (domains changed because of privacy):
```
acme.sh --issue -d www.AAA.com -d AAA.com -d www.AAA.info -d AAA.info -w /home/path/aaa/www
cd /home/path/aaa/etc
acme.sh --install-cert -d www.AAA.com -d AAA.com -d www.AAA.info -d AAA.info --cert-file cert.pem --key-file priv.pem --fullchain-file fullchain.pem
```
This worked nicely, but the Apache conf had ONLY this single domain configured in a vhost, and the SSL part had some fake/old certs to allow Apache to start. The cert was tested and the page was loaded in a browser using the http://AAA.com address, which was redirected properly to https://AAA.com, which also worked.
Then, I reconfigured Apache to support the PPP.com domain, using a similar procedure. This also worked when I configured Apache for a single domain only. Now, joining these two configurations DOES NOT WORK, because PPP.com is recognized as having the certificate of AAA.com, which triggers the error NET::ERR_CERT_COMMON_NAME_INVALID
So, I'm stuck. Here is my apache config for virtual hosts: https://pastebin.com/hK3g6K3m
The part included as common.cfg contains just standard SSL options and Directory access config, logs config, etc.
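One layout matching the pseudoconfig in the question, as an added example that is not part of the original post and is not based on the linked pastebin: a catch-all default vhost per port, then one vhost per domain set using ServerAlias, each with its own certificate. It assumes Apache 2.4.8 or later with mod_ssl and SNI-capable clients; all filesystem paths and the name default.invalid are placeholders, and directory access and log settings are assumed to come from an include such as the common.cfg mentioned above.

```apache
# Added example; paths and default.invalid are placeholders, not from the post.
# The first vhost listed for an address:port is the default: it answers bare-IP
# requests and any Host/SNI name that matches no ServerName or ServerAlias.
<VirtualHost *:80>
    ServerName default.invalid
    DocumentRoot "/var/www/empty"
</VirtualHost>
<VirtualHost *:443>
    ServerName default.invalid
    DocumentRoot "/var/www/empty"
    SSLEngine on
    # Placeholder (for example self-signed) certificate for the catch-all.
    SSLCertificateFile    "/etc/apache2/ssl/default/fullchain.pem"
    SSLCertificateKeyFile "/etc/apache2/ssl/default/priv.pem"
</VirtualHost>

# Set 1: one vhost per port covers both names through ServerAlias.
<VirtualHost *:80>
    ServerName example1.com
    ServerAlias example1.org
    # The rest of the request path is appended to the target, so the trailing
    # slash is required. Both names go to example1.com (assumed canonical name).
    Redirect permanent / https://example1.com/
</VirtualHost>
<VirtualHost *:443>
    ServerName example1.com
    ServerAlias example1.org
    DocumentRoot "/var/www/set1"
    SSLEngine on
    # Certificate for this set only; its SAN list must contain every name above.
    SSLCertificateFile    "/etc/apache2/ssl/set1/fullchain.pem"
    SSLCertificateKeyFile "/etc/apache2/ssl/set1/priv.pem"
</VirtualHost>

# Set 2: same pattern, separate DocumentRoot and separate certificate.
<VirtualHost *:80>
    ServerName example2.com
    ServerAlias example2.info
    Redirect permanent / https://example2.com/
</VirtualHost>
<VirtualHost *:443>
    ServerName example2.com
    ServerAlias example2.info
    DocumentRoot "/var/www/set2"
    SSLEngine on
    SSLCertificateFile    "/etc/apache2/ssl/set2/fullchain.pem"
    SSLCertificateKeyFile "/etc/apache2/ssl/set2/priv.pem"
</VirtualHost>
```

`apachectl -S` prints the resulting vhost map, including which vhost is the default for each port, and `openssl s_client -connect <ip>:443 -servername example2.com` shows which certificate is served for a given SNI name.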