two websites, different domains, trying to setup ssl

h87

New Member
#1
i've got two listeners set up, one for port 80 and the other for 443, created the ssl using certbot certonly which issues the ssl .pem files successfully ..

both listeners have the domains added, there are two virtual hosts added, going to different paths, one for each domain, ssl is added against each virtual host with its corresponding privkey.pem and fullchain.pem but it doesn't recognize ssl,

ssl only works for one of the domains when it's added into the listener, but it only lets me add one of the ssl certificates which means one website has a working ssl and the other has a refused to connect error.. i've tried turning chained certificate to yes for both but it doesn't do anything ..

does it not work with .pem files? do i need .key and .crt files instead?

any idea how to get it working? i checked the guide, seems to only guide you for a single domain server not when you have more than one.
 

h87

New Member
#3
thanks for your reply, does it have to be .key and .crt, or can it be .pem as issued by certbot?

does it go against virtual hosts? what goes against the 443 ssl listener in this scenario? does that remain blank?
 

h87

New Member
#4
443 ssl listener, only allows one ssl to be added.. if i add one in here, whatever the cert is, then only this particular page will load, for example X cert added in ssl listener, then X website will load, cannot add two separate ssl in this area..

for virtual host, if i add a different .pem certificate and .pem private key for each individual virtual host, the website hangs and doesn't load any pages.
 

Cold-Egg

Administrator
#5
443 ssl listener allows only one cert/key is correct, the virtual host one will overwrite it.
You said that you add a different .pem certificate and .pem private key for each individual virtual host, but the website hangs. It could be a configuration issue, please do a screenshot of this configuration section so we can help.
 

h87

New Member
#6
see both vhost configs below

WEBSITE 1 - ssl created for website1.co.nz

docRoot /var/www/htmlnz/
vhDomain website1.co.nz
vhAliases *.website1.co.nz

errorlog /var/www/logs/errorwp-nz.log {
  useServer 0
  logLevel INFO
  rollingSize 10M
  keepDays 30
}

accesslog /var/www/logs/accesslog-nz.log {
  useServer 0
  logFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"
  logHeaders 6
  rollingSize 10M
  keepDays 30
  compressArchive 1
}

index {
  useServer 0
  indexFiles index.php
}

rewrite {
  enable 1
  autoLoadHtaccess 1
  logLevel 1
}

vhssl {
  keyFile /etc/letsencrypt/live/website1.co.nz-0001/privkey.pem
  certFile /etc/letsencrypt/live/website1.co.nz-0001/fullchain.pem
  certChain 1
}




WEBSITE 2 - ssl created for staging.website2.com.au

docRoot /var/www/html/
vhDomain website2.com.au
vhAliases *.website2.com.au

errorlog /var/www/logs/errorwp-au.log {
  useServer 0
  logLevel INFO
  rollingSize 10M
  keepDays 30
}

accesslog /var/www/logs/accesslog-au.log {
  useServer 0
  logFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"
  logHeaders 7
  rollingSize 10M
  keepDays 30
  compressArchive 1
}

index {
  useServer 0
  indexFiles index.php
}

context /phpmyadmin/ {
  location /var/www/phpmyadmin
  allowBrowse 1
  indexFiles index.php

  accessControl {
    allow *
  }

  rewrite {
    enable 0
    inherit 0
  }
  addDefaultCharset off
}

rewrite {
  enable 1
  autoLoadHtaccess 1
  logLevel 1
}

vhssl {
  keyFile /etc/letsencrypt/live/staging.website2.com.au-0002/privkey.pem
  certFile /etc/letsencrypt/live/staging.website2.com.au-0002/fullchain.pem
  certChain 1
}
 

h87

New Member
#10
thanks, as you mentioned, we need to issue ssl for both domains, the www.example.com and the root domain example.com, furthermore, i believe the ssl certs should match the Virtual Host mappings and Domain Aliases

certbot certonly --webroot -w /var/www/html/ -d example.com -d www.example.com
 
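The name check from post #10, written out as an added example that is not part of the original thread: it compares each virtual host's vhDomain and vhAliases against the names on its certificate. The function names are hypothetical, and the SAN lists are an assumption taken from the headings in post #6 ("ssl created for ...").

```python
import re

# Constructed from the two vhost configs in post #6 (only the name lines are kept).
VHOST1 = """
vhDomain website1.co.nz
vhAliases *.website1.co.nz
"""
VHOST2 = """
vhDomain website2.com.au
vhAliases *.website2.com.au
"""
# Assumption: each certificate carries only the name in that post's heading.
CERT1_SANS = ["website1.co.nz"]
CERT2_SANS = ["staging.website2.com.au"]


def vhost_names(conf):
    """Names the vhost is mapped to: vhDomain plus comma-separated vhAliases."""
    names = []
    for key in ("vhDomain", "vhAliases"):
        m = re.search(rf"^[ \t]*{key}[ \t]+(.+)$", conf, re.MULTILINE)
        if m:
            names += [n.strip().lower() for n in m.group(1).split(",") if n.strip()]
    return names


def san_covers(san, name):
    """'*' is valid only as the whole left-most label and matches exactly one label."""
    san, name = san.lower(), name.lower()
    if san == name:  # exact match, including wildcard alias vs. identical wildcard SAN
        return True
    if san.startswith("*.") and not name.startswith("*."):
        head, _, rest = name.partition(".")
        return bool(head) and rest == san[2:]
    return False


def uncovered(conf, sans):
    """vhost names that no SAN on the certificate covers."""
    return [n for n in vhost_names(conf) if not any(san_covers(s, n) for s in sans)]


if __name__ == "__main__":
    for label, conf, sans in (("website1", VHOST1, CERT1_SANS), ("website2", VHOST2, CERT2_SANS)):
        print(label, "names without a matching SAN:", uncovered(conf, sans))
```

The real SAN list of an issued certificate can be read with `openssl x509 -in fullchain.pem -noout -ext subjectAltName` and passed in place of the constructed lists.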