
Subdomain is not caught by domain virtual host


Using apache2 on Ubuntu server 22.04.

0-default.conf

<VirtualHost *:80>
    # ServerName and ServerAlias are deliberately not set
</VirtualHost>

0-default-ssl.conf

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        # ServerName and ServerAlias are deliberately not set
    
        Redirect permanent / "http://my_ip_address/"
    
        SSLCertificateFile  /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
    </VirtualHost>
</IfModule>

example.com.conf

<VirtualHost *:80>
    ServerName example.com
    ServerAlias *.example.com

    Redirect permanent / https://example.com/
</VirtualHost>

example.com-ssl.conf

<IfModule mod_ssl.c>
    <VirtualHost *:443>

        ServerName example.com
        ServerAlias *.example.com

        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    </VirtualHost>
</IfModule>

The Let's Encrypt certificate covers example.com, www.example.com and mail.example.com.

The logs show the following errors:

[ssl:info] [pid 947] AH01914: Configuring server mail.example.com:443 for SSL protocol
[ssl:debug] [pid 947] ssl_engine_init.c(528): AH01893: Configuring TLS extension handling
[ssl:debug] [pid 947] ssl_util_ssl.c(451): AH02412: [mail.example.com:443] Cert does not match for name 'mail.example.com' [subject: CN=vm1878795 / issuer: CN=vm1878795 / serial: 4AEB9107E420C7927F1EC0126E430A894F6BBC6B / notbefore: Aug 22 18:05:38 2023 GMT / notafter: Aug 19 18:05:38 2033 GMT]
[ssl:warn] [pid 947] AH01909: mail.example.com:443:0 server certificate does NOT include an ID which matches the server name
[ssl:info] [pid 947] AH02568: Certificate and private key mail.example.com:443:0 configured from /etc/ssl/certs/ssl-cert-snakeoil.pem and /etc/ssl/private/ssl-cert-snakeoil.key
[ssl:info] [pid 947] AH01876: mod_ssl/2.4.52 compiled against Server: Apache/2.4.52, Library: OpenSSL/3.0.2

Any ideas why https://mail.example.com is caught by the default host rather than the domain one?

Update

Here is the output of apachectl -D DUMP_VHOSTS:

VirtualHost configuration:
*:443                  is a NameVirtualHost
     default server mail.example.com (/etc/apache2/sites-enabled/0-default-ssl.conf:2)
     port 443 namevhost mail.example.com (/etc/apache2/sites-enabled/0-default-ssl.conf:2)
     port 443 namevhost example.com (/etc/apache2/sites-enabled/example.com-ssl.conf:2)
             wild alias *.example.com
*:80                   is a NameVirtualHost
     default server mail.example.com (/etc/apache2/sites-enabled/0-default.conf:1)
     port 80 namevhost mail.example.com (/etc/apache2/sites-enabled/0-default.conf:1)
     port 80 namevhost example.com (/etc/apache2/sites-enabled/example.com.conf:1)
             wild alias *.example.com

So probably the question should be: why does it consider mail.example.com to be the default server name? Could the PTR record pointing to mail.example.com be the reason?

kab00m: Do you have a NameVirtualHost directive? It is vital to have it for SNI. SNI gets the virtual host name from the SSL connection before the HTTP connection is established.
yaugenka: This directive is deprecated in Apache 2.4: https://httpd.apache.org/docs/2.4/mod/core.html#namevirtualhost
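The selection rule behind the DUMP_VHOSTS output in the question, as an added example that is not part of the original post and not Apache's own code. Apache 2.4 tries the name-based vhosts bound to an address:port in configuration order (Debian and Ubuntu load sites-enabled/*.conf alphabetically, so 0-default comes before example.com) and serves the first one whose ServerName or ServerAlias matches the request's Host header, or the TLS SNI name for HTTPS. A vhost with no ServerName gets one deduced from the operating system's hostname, falling back to a reverse DNS lookup of a local address, which is how 0-default-ssl.conf ended up being named mail.example.com in the dump. Because that vhost is listed first and its deduced name matches exactly, requests for mail.example.com never reach the example.com vhost and are answered with the snakeoil certificate, which is also what the AH02412 and AH01909 startup warnings are reporting. The POSIX sh script below models that rule and runs it over the two vhosts from the question, once as posted and once with the default vhost given an explicit ServerName. The host names are the question's; 203.0.113.10 (a documentation address) and default.invalid are assumed placeholders.

```shell
#!/bin/sh
# Added illustration, not code from the original post or from Apache: a
# small model of Apache 2.4 name-based virtual host selection, fed with the
# vhost list from the DUMP_VHOSTS output in the question.
#
# Rules modelled (Apache 2.4 name-based vhost documentation):
#  - vhosts bound to the same address:port are tried in configuration order;
#  - the first vhost whose ServerName or one of its ServerAlias entries
#    matches the request's Host header (or TLS SNI name) is used;
#  - ServerAlias may contain * wildcards, ServerName is compared literally;
#  - when nothing matches, the first vhost for that address:port is used.
#
# A vhost table is one "servername|alias1,alias2,..." line per vhost.

set -f   # no pathname expansion: aliases such as *.example.com stay literal

# match_alias HOST PATTERN: exit 0 when PATTERN (with * wildcards) matches HOST
match_alias() {
    case "$1" in
        $2) return 0 ;;
    esac
    return 1
}

# select_vhost HOST TABLE: print the ServerName of the vhost Apache would pick
select_vhost() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')   # names are compared case-insensitively
    first=''
    while IFS='|' read -r name aliases; do
        [ -n "$name" ] || continue
        [ -n "$first" ] || first=$name
        if [ "$host" = "$name" ]; then
            printf '%s\n' "$name"
            return 0
        fi
        saved_ifs=$IFS
        IFS=','
        for alias in $aliases; do
            if match_alias "$host" "$alias"; then
                IFS=$saved_ifs
                printf '%s\n' "$name"
                return 0
            fi
        done
        IFS=$saved_ifs
    done <<EOF
$2
EOF
    printf '%s\n' "$first"   # nothing matched: the first vhost is the default
}

# Constructed to mirror the question's DUMP_VHOSTS output: the default vhost
# has no ServerName, so Apache filled it in from the system hostname, which
# on that server is mail.example.com.
AS_POSTED='mail.example.com|
example.com|*.example.com'

# The same two vhosts after giving the default one an explicit ServerName
# that no client will ever send (default.invalid is an assumed placeholder).
WITH_EXPLICIT_DEFAULT='default.invalid|
example.com|*.example.com'

# show_selection: print which vhost each request name reaches in both layouts
# (203.0.113.10 stands in for a request that carries the bare IP as Host)
show_selection() {
    for h in mail.example.com www.example.com example.com 203.0.113.10; do
        printf '%-18s as posted: %-18s explicit default: %s\n' "$h" \
            "$(select_vhost "$h" "$AS_POSTED")" \
            "$(select_vhost "$h" "$WITH_EXPLICIT_DEFAULT")"
    done
}

show_selection
```

On the real server the same two checks apply: after setting a ServerName on the default vhosts, `apachectl -t -D DUMP_VHOSTS` should no longer list mail.example.com as the default server, and `openssl s_client -connect <ip>:443 -servername mail.example.com` should return the Let's Encrypt certificate instead of the snakeoil one.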