SSL Certificate with Multiple domain

#1
Hi,
I am working on an OpenLiteSpeed project. It involves automating and customizing vhost settings without using the OLS admin panel. I set up a default vhost with SSL, IPv4 and IPv6, and everything works. When I add a second vhost with SSL, the SSL certificate of the first domain is shown for it.

The output below shows that OLS is listening on all ports fine:


tcp 0 0 0.0.0.0:7080 0.0.0.0:* LISTEN 151482/openlitespee
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 151482/openlitespee
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 151482/openlitespee
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 151482/openlitespee
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 151482/openlitespee
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 151482/openlitespee
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 151482/openlitespee
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 151482/openlitespee
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 151482/openlitespee
tcp6 0 0 :::80 :::* LISTEN 151482/openlitespee
tcp6 0 0 :::80 :::* LISTEN 151482/openlitespee
tcp6 0 0 :::80 :::* LISTEN 151482/openlitespee
tcp6 0 0 :::80 :::* LISTEN 151482/openlitespee
tcp6 0 0 :::443 :::* LISTEN 151482/openlitespee
tcp6 0 0 :::443 :::* LISTEN 151482/openlitespee
tcp6 0 0 :::443 :::* LISTEN 151482/openlitespee
tcp6 0 0 :::443 :::* LISTEN 151482/openlitespee


The default SSL vhost:
This is the main virtual host for hostname or server name.


# Catch-all virtual host for the server's own hostname. `vhAliases *` below
# matches any hostname, so names not claimed elsewhere are answered here.
virtualHost DefaultHost {
user www-data
group www-data
vhRoot /var/www
# NOTE(review): 1 appears to let the server follow every symlink; on a
# multi-user host the owner-match setting is the safer choice. Confirm the
# available values against the OpenLiteSpeed documentation.
allowSymbolLink 1
enableScript 1
restrained 1
setUIDMode 2
docRoot /var/www/html
vhDomain u.foo.com
vhAliases *
adminEmails web-admin@u.foo.com
enableGzip 1
enableIpGeo 1
# Bound to all four listeners: plain and SSL, IPv4 and IPv6.
listeners DefaultIPv4,DefaultIPv4SSL,DefaultIPv6,DefaultIPv6SSL
rewrite {
enable 1
autoLoadHtaccess 1
}
context / {
allowBrowse 1
location $DOC_ROOT/
rewrite {
RewriteFile .htaccess
}
}

# TLS settings for this vhost. keyFile is the private key, certFile the
# certificate; the same pair is also configured on the SSL listeners.
vhssl {
keyFile /usr/local/my/etc/ssl/key.pem
certFile /usr/local/my/etc/ssl/crt.pem
certChain 1
# 24 = 8 + 16: TLSv1.2 and TLSv1.3 only in OpenLiteSpeed's sslProtocol bitmask.
sslProtocol 24
# Every suite uses ECDHE or DHE key exchange with an AEAD cipher
# (AES-GCM or ChaCha20-Poly1305).
ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256
}
}


Listener configuration: I added IPv4 and IPv6 listeners for both SSL and non-SSL connections.

# Default HTTP listener: IPv4, port 80, plaintext (secure 0).
listener DefaultIPv4 {
address *:80
secure 0
# Routes u.foo.com and the `*` pattern to DefaultHost.
map DefaultHost u.foo.com *
}
# Default HTTP listener: IPv6, port 80, plaintext (secure 0).
listener DefaultIPv6 {
address [ANY]:80
secure 0
# Routes u.foo.com and the `*` pattern to DefaultHost.
map DefaultHost u.foo.com *
}
# Default SSL listener: IPv4, port 443, TLS enabled (secure 1).
listener DefaultIPv4SSL {
address *:443
secure 1
# Routes u.foo.com and the `*` pattern to DefaultHost.
map DefaultHost u.foo.com *
# Listener-level key and certificate (the same files as DefaultHost's vhssl).
# NOTE(review): presumably this is the certificate clients receive when no
# vhost certificate can be selected or loaded for the requested name, which
# would match the symptom described in the post. Confirm.
keyFile /usr/local/my/etc/ssl/key.pem
certFile /usr/local/my/etc/ssl/crt.pem
certChain 1
# 24 = 8 + 16: TLSv1.2 and TLSv1.3 only in OpenLiteSpeed's sslProtocol bitmask.
sslProtocol 24
}
# Default SSL listener: IPv6, port 443, TLS enabled (secure 1).
listener DefaultIPv6SSL {
address [ANY]:443
secure 1
# NOTE(review): this map names u.eenos.com while the other three listeners
# name u.foo.com; the `*` pattern still routes everything to DefaultHost,
# but the hostname looks inconsistent. Confirm which one is intended.
map DefaultHost u.eenos.com *
# Listener-level key and certificate (the same files as DefaultHost's vhssl).
keyFile /usr/local/my/etc/ssl/key.pem
certFile /usr/local/my/etc/ssl/crt.pem
certChain 1
# 24 = 8 + 16: TLSv1.2 and TLSv1.3 only in OpenLiteSpeed's sslProtocol bitmask.
sslProtocol 24
}


Second virtual host
This is another vhost hosted on the server.

# Non-SSL vhost for mysite.com, run as the site owner (myuser) and bound to
# the two port-80 listeners only.
virtualHost mysite.com {
user myuser
group myuser
vhRoot /home/myuser
# NOTE(review): 1 appears to let the server follow every symlink; on a
# multi-user host the owner-match setting is the safer choice. Confirm the
# available values against the OpenLiteSpeed documentation.
allowSymbolLink 1
enableScript 1
restrained 1
setUIDMode 2
# NOTE(review): none of the listener blocks shown carries a `map` line for
# this vhost; presumably `listeners` plus `vhDomain`/`vhAliases` provide the
# mapping. Confirm.
listeners DefaultIPv4,DefaultIPv6
# VirtualHost config settings
docRoot /home/myuser/public_html
vhDomain mysite.com
vhAliases www.mysite.com
adminEmails webmaster@mysite.com
enableGzip 1
enableIpGeo 1

# Per-vhost access log (useServer 0) in a combined-style format.
accesslog /var/log/domlogs/mysite.com {
useServer 0
logFormat %a %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"
logHeaders 5
rollingSize 0
}
# Second log that records only the byte counters %O and %I per request.
accesslog /var/log/domlogs/mysite.com-bytes_log {
useServer 0
logFormat %O %I
rollingSize 0
}
# NOTE(review): the handler type is spelled `laspi`; OpenLiteSpeed's LSAPI
# handler type is normally written `lsapi`. Confirm this is not a typo.
scripthandler {
add laspi:myproject-php80 php
add laspi:myproject-php80 phtml
}
phpIniOverride {
php_admin_flag engine ON
# -f pins the envelope sender of mail sent through PHP to myuser@mysite.com.
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f myuser@mysite.com"
}
rewrite {
enable 1
autoLoadHtaccess 1
}
# Include aliases. Every *.conf under /etc/ols/alias.d is pulled into this
# vhost, so that directory should be writable by the administrator only.
include /etc/ols/alias.d/*.conf
}

# SSL vhost for mysite.com, bound to all four listeners.
# NOTE(review): it declares the same vhDomain/vhAliases as the non-SSL vhost,
# also lists the two port-80 listeners, and writes to the same access log
# paths. Confirm that the overlap is intended.
virtualHost mysite.com-SSL {
user myuser
group myuser
vhRoot /home/myuser
# NOTE(review): 1 appears to let the server follow every symlink; on a
# multi-user host the owner-match setting is the safer choice. Confirm the
# available values against the OpenLiteSpeed documentation.
allowSymbolLink 1
enableScript 1
restrained 1
setUIDMode 2
listeners DefaultIPv4,DefaultIPv4SSL,DefaultIPv6,DefaultIPv6SSL
# VirtualHost config settings
docRoot /home/myuser/public_html
vhDomain mysite.com
vhAliases www.mysite.com
adminEmails webmaster@mysite.com
enableGzip 1
enableIpGeo 1

# Per-vhost access log (useServer 0) in a combined-style format.
accesslog /var/log/domlogs/mysite.com {
useServer 0
logFormat %a %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"
logHeaders 5
rollingSize 0
}
# Second log that records only the byte counters %O and %I per request.
accesslog /var/log/domlogs/mysite.com-bytes_log {
useServer 0
logFormat %O %I
rollingSize 0
}
# NOTE(review): the handler type is spelled `laspi`; OpenLiteSpeed's LSAPI
# handler type is normally written `lsapi`. Confirm this is not a typo.
scripthandler {
add laspi:myproject-php80 php
add laspi:myproject-php80 phtml
}
phpIniOverride {
php_admin_flag engine ON
# -f pins the envelope sender of mail sent through PHP to myuser@mysite.com.
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f myuser@mysite.com"
}
rewrite {
enable 1
autoLoadHtaccess 1
}
# NOTE(review): the two paths below are swapped. keyFile points at
# fullchain.pem (the certificate chain) and certFile at privkey.pem (the
# private key). This is the misconfiguration the author corrects in reply #2.
# Presumably the vhost certificate then fails to load and the listener's
# certificate is served instead. Confirm in the server error log.
vhssl {
keyFile /etc/letsencrypt/live/mysite.com/fullchain.pem
certFile /etc/letsencrypt/live/mysite.com/privkey.pem
certChain 1
# 24 = 8 + 16: TLSv1.2 and TLSv1.3 only in OpenLiteSpeed's sslProtocol bitmask.
sslProtocol 24
# Every suite uses ECDHE or DHE key exchange with an AEAD cipher
# (AES-GCM or ChaCha20-Poly1305).
ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256
}
# Include aliases. Every *.conf under /etc/ols/alias.d is pulled into this
# vhost, so that directory should be writable by the administrator only.
include /etc/ols/alias.d/*.conf
}

The docs say that SSL with SNI works fine, so am I missing something in this configuration? Any help from the community will be appreciated.
Thanks
 
#2
Oops, I fixed it; it was my fault. The SSL certificate and key file paths were the wrong way round in the domain's vhost settings (keyFile pointed at fullchain.pem and certFile at privkey.pem), and that was causing the issue. I fixed it as follows:
# Corrected vhssl paths: certFile is the certificate chain, keyFile is the
# private key.
# To confirm which certificate is served for a name, run
# `openssl s_client -connect <server>:443 -servername mysite.com`
# and check the subject of the returned certificate.
certFile /etc/letsencrypt/live/mysite.com/fullchain.pem
keyFile /etc/letsencrypt/live/mysite.com/privkey.pem
 