Certbot certificates not working on Apache for multiple Flask sites sharing an IP address

After two days of trying, I am completely at a loss with adding a certificate to my second domain. Here is my situation:
What works:
I have a dynamic site (domain1 / site1) hosted on a Digital Ocean droplet running Ubuntu. It is served using Apache and uses the Flask microframework. Everything works correctly, and I was able to install a Let's Encrypt certificate successfully using certbot.
I have added a second dynamic site (domain2 / site2) to the same droplet, sharing the single IP across the two domains/sites. I was able to get this working by following this answer: hosting multiple Flask apps for unique domains. Now I can:
(1) visit site1 via domain1 over HTTPS like I always could
(2) visit site2 via domain2 over HTTP.
What doesn't:
The problem comes in when I try to add a new Let's Encrypt certificate to site2/domain2. The tutorial at Digital Ocean and the certbot documentation suggest all I need to do is run certbot again with the new domain. A new certificate is created, but best case scenario, site1 becomes a "potential security risk" and site2 is still insecure.
Below are the contents of /etc/apache2/sites-available/ files BEFORE I attempt to install the second certificate.
000-default.conf
<VirtualHost *:80>
<Directory /var/www/FlaskApp>
Options +ExecCGI
DirectoryIndex index.py
</Directory>
AddHandler cgi-script .py
ServerAdmin webmaster@localhost
DocumentRoot /var/www/FlaskApp
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
FlaskApp.conf
<VirtualHost *:80>
ServerName www.audiologysource.com
ServerAlias audiologysource.com
#ServerName 157.245.135.241
ServerAdmin admin@mywebsite.com
WSGIScriptAlias / /var/www/FlaskApp/flaskapp.wsgi
<Directory /var/www/FlaskApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/FlaskApp/FlaskApp/static
<Directory /var/www/FlaskApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.audiologysource.com [OR]
RewriteCond %{SERVER_NAME} =audiologysource.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:80>
ServerName www.travismmoore.com
ServerAlias travismmoore.com
ServerAdmin youemail@email.com
WSGIScriptAlias / /var/www/PersonalSiteApp/flaskapp.wsgi
<Directory /var/www/PersonalSiteApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/PersonalSiteApp/FlaskApp/static
<Directory /var/www/PersonalSiteApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
FlaskApp-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName www.audiologysource.com
ServerAlias audiologysource.com
#ServerName 157.245.135.241
ServerAdmin admin@mywebsite.com
WSGIScriptAlias / /var/www/FlaskApp/flaskapp.wsgi
<Directory /var/www/FlaskApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/FlaskApp/FlaskApp/static
<Directory /var/www/FlaskApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/audiologysource.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/audiologysource.com/privkey.pem
</VirtualHost>
</IfModule>
My /var/www directory is organized like this:
\var\www
|
└─── FlaskApp
| | flaskapp.wsgi
| |
| └─── FlaskApp
| | __init__.py
| |
| └─── static
| └─── templates
| | home.html
| |
| └─── venv
|
└─── PersonalSiteApp #same as FlaskApp
| flaskapp.wsgi
|
└─── FlaskApp
| __init__.py
|
└─── static
└─── templates
| home.html
|
└─── venv
Here are the same files AFTER I run certbot and reload Apache:
sudo certbot --apache -d travismmoore.com -d www.travismmoore.com
000-default.conf: unchanged
FlaskApp.conf
<VirtualHost *:80>
ServerName www.audiologysource.com
ServerAlias audiologysource.com
#ServerName 157.245.135.241
ServerAdmin admin@mywebsite.com
WSGIScriptAlias / /var/www/FlaskApp/flaskapp.wsgi
<Directory /var/www/FlaskApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/FlaskApp/FlaskApp/static
<Directory /var/www/FlaskApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.audiologysource.com [OR]
RewriteCond %{SERVER_NAME} =audiologysource.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanen$
</VirtualHost>
<VirtualHost *:80>
ServerName www.travismmoore.com
ServerAlias travismmoore.com
ServerAdmin youemail@email.com
WSGIScriptAlias / /var/www/PersonalSiteApp/flaskapp.w$
<Directory /var/www/PersonalSiteApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/PersonalSiteApp/FlaskApp/static
<Directory /var/www/PersonalSiteApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =audiologysource.com [OR]
RewriteCond %{SERVER_NAME} =www.audiologysource.com [OR]
RewriteCond %{SERVER_NAME} =travismmoore.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanen$
</VirtualHost>
FlaskApp-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName www.audiologysource.com
ServerAlias audiologysource.com
#ServerName 157.245.135.241
ServerAdmin admin@mywebsite.com
WSGIScriptAlias / /var/www/FlaskApp/flaskapp.wsgi
<Directory /var/www/FlaskApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/FlaskApp/FlaskApp/static
<Directory /var/www/FlaskApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias travismmoore.com
SSLCertificateFile /etc/letsencrypt/live/travismmoore.com/fullchain.p$
SSLCertificateKeyFile /etc/letsencrypt/live/travismmoore.com/privkey.$
</VirtualHost>
</IfModule>
<IfModule mod_ssl.c>
<VirtualHost *:80>
ServerName www.travismmoore.com
ServerAlias travismmoore.com
ServerAdmin youemail@email.com
WSGIScriptAlias / /var/www/PersonalSiteApp/flaskapp.w$
<Directory /var/www/PersonalSiteApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/PersonalSiteApp/FlaskApp/static
<Directory /var/www/PersonalSiteApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
</IfModule>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName www.travismmoore.com
ServerAlias travismmoore.com
ServerAdmin youemail@email.com
WSGIScriptAlias / /var/www/PersonalSiteApp/flaskapp.w$
<Directory /var/www/PersonalSiteApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/PersonalSiteApp/FlaskApp/static
<Directory /var/www/PersonalSiteApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/travismmoore.com/fullchain.p$
SSLCertificateKeyFile /etc/letsencrypt/live/travismmoore.com/privkey.$
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Any help is greatly appreciated!

I thought I'd update this with what ended up working for those who run into the same issue. I ended up having to remove all the certificates, then add them one at a time manually, using:
sudo certbot --manual certonly -d domain_1.com -d www.domain_1.com
sudo certbot --manual certonly -d domain_2.com -d www.domain_2.com
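The AFTER listing of FlaskApp-le-ssl.conf shows two things worth checking mechanically: the *:443 block for audiologysource.com now points at the travismmoore.com certificate, and travismmoore.com is claimed by two *:443 blocks. The following check is an added example, not part of the original post; parse_vhosts, audit and the CERT_NAMES table are hypothetical names, and the certificate name sets are assumptions taken from the -d arguments and the ServerName/ServerAlias lines above.

```python
import re
from collections import defaultdict

# Constructed sample: the two *:443 blocks of FlaskApp-le-ssl.conf after the
# certbot run, cut down to the relevant directives (truncated paths kept as-is).
SAMPLE_CONF = """
<VirtualHost *:443>
ServerName www.audiologysource.com
ServerAlias audiologysource.com
ServerAlias travismmoore.com
SSLCertificateFile /etc/letsencrypt/live/travismmoore.com/fullchain.p$
</VirtualHost>
<VirtualHost *:443>
ServerName www.travismmoore.com
ServerAlias travismmoore.com
SSLCertificateFile /etc/letsencrypt/live/travismmoore.com/fullchain.p$
</VirtualHost>
"""

# Assumption: the names each certificate covers (see `certbot certificates`).
CERT_NAMES = {
    "audiologysource.com": {"audiologysource.com", "www.audiologysource.com"},
    "travismmoore.com": {"travismmoore.com", "www.travismmoore.com"},
}

def parse_vhosts(text):
    """Return one dict per <VirtualHost> block: port, names, cert lineage."""
    vhosts = []
    block = r"<VirtualHost\s+[^>]*?:(\d+)>(.*?)</VirtualHost>"
    for port, body in re.findall(block, text, re.S | re.I):
        names = []
        for m in re.finditer(r"^\s*Server(?:Name|Alias)\s+(.+)$", body, re.M | re.I):
            names += m.group(1).lower().split()
        cert = re.search(r"^\s*SSLCertificateFile\s+\S*/live/([^/\s]+)/", body, re.M | re.I)
        vhosts.append({"port": int(port), "names": names,
                       "lineage": cert.group(1) if cert else None})
    return vhosts

def audit(vhosts, cert_names):
    """Flag names not covered by their vhost's cert, and names on two vhosts."""
    findings, owners = [], defaultdict(set)
    for i, vh in enumerate(vhosts):
        covered = cert_names.get(vh["lineage"], set())
        for name in vh["names"]:
            owners[(vh["port"], name)].add(i)
            if vh["port"] == 443 and name not in covered:
                findings.append(("not-in-cert", name, vh["lineage"]))
    for (port, name), idx in owners.items():
        if len(idx) > 1:  # Apache serves the first matching vhost only
            findings.append(("duplicate-name", name, port))
    return findings

if __name__ == "__main__":
    print(*audit(parse_vhosts(SAMPLE_CONF), CERT_NAMES), sep="\n")
```

Run against the real files in /etc/apache2/sites-enabled/, an empty result means every HTTPS name is served from a block whose certificate covers it and no name is claimed twice on one port.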

Related

apache2 configuring two domains in same server

I am trying to configure two domains in one server. My environment is
My domain 1 is : www.streetview.live
My domain 2 is : www.riverview.live
Ubuntu 20.04
PHP 7
apache2
In my /etc/apache2/sites-enabled/000-default.conf I have created the links for both the domains one after the other.
First for www.streetview.live
<VirtualHost *:80>
ServerName www.streetview.live
ServerAlias streetview.live
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/streetview
<Directory /var/www/html/streetview>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerName www.streetview.live
ServerAlias streetview.live
DocumentRoot /var/www/html/streetview
SSLEngine on
SSLCertificateFile /etc/ssl/certs/streetview/www_streetview_live.crt
SSLCertificateKeyFile /etc/ssl/certs/streetview/www_streetview_live.key
SSLCertificateChainFile /etc/ssl/certs/streetview/www_streetview_live.ca-bundle
</VirtualHost>
Followed by www.riverview.live
<VirtualHost *:80>
ServerName www.riverview.live
ServerAlias riverview.live
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/riverview
<Directory /var/www/html/riverview>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerName www.riverview.live
ServerAlias riverview.live
DocumentRoot /var/www/html/riverview
SSLEngine on
SSLCertificateFile /etc/ssl/certs/riverview/www_riverview_live.crt
SSLCertificateKeyFile /etc/ssl/certs/riverview/www_riverview_live.key
SSLCertificateChainFile /etc/ssl/certs/riverview/www_riverview_live.ca-bundle
</VirtualHost>
I have loaded all the files in the path /var/www/html/. I have one folder for streetview.live and another for riverview.live as follows
/var/www/html/streetview/
/var/www/html/riverview/
In the DNS server I have mapped the IP to www.streetview.live and similarly for the other site.
However, when I load the page, I face two problems.
The respective sites open only when I use www.streetview.live/streetview in the browser and similarly for riverview.live, I have to use www.riverview.live/riverview.
For both, HTTPS is not getting enabled.
The server is hosted in AWS and I do have the ports opened in Security Group.

Enable Cookies for reverse Proxy and Apache2

I am trying to access an application on a Tomcat server via a reverse proxy and Apache2.
The reverse proxy is working just fine, but the application throws an error that cookies are disabled.
I googled but nothing helped.
My vhost.conf file:
<VirtualHost *:80>
ServerName testcms.mydomain.de
ServerAdmin webmaster@localhost
DocumentRoot /var/www/cms
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8080/opencms/
ProxyPassReverse / http://127.0.0.1:8080/opencms/
ProxyPassReverseCookieDomain http://localhost:8080/opencms testcms.mydomain.de
ProxyPassReverseCookiePath / /cms/Cookies
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =testcms.mydomain.de
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName testcms.mydomain.de
ServerAdmin webmaster@localhost
DocumentRoot /var/www/cms
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8080/opencms/
ProxyPassReverse / http://127.0.0.1:8080/opencms/
ProxyPassReverseCookieDomain 127.0.0.1:8080/opencms/ testcms.mydomain.de
ProxyPassReverseCookiePath / /cms/cookies
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/testcms.mydomain.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/testcms.mydomain.de/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
The ProxyPassReverseCookieDomain and ProxyPassReverseCookiePath should help, but they don't.
Did I miss something while implementing the reverse proxy?
Thanks for the help!

VirtualHost does not work on my vps (ovh)

I am trying to peak my dimitri-dumont.fr domain name on my vps, however, it does not work.
I'm currently using apache2 and my vps is on ubuntu.
My domain name is pointing to the IP address of my vps (configured in A).
I created the site folder in /home/dimitri/html
After that, I did:
sudo chown -R dimitri /home/dimitri/html
sudo cmod -R 755 /home/dimitri/html
I create a dimitri-dumont.fr.conf file in /etc/apache2/sites-available and here is the content:
<VirtualHost *:80>
ServerAdmin contact@dimitri-dumont.fr
ServerName dimitri-dumont.fr
ServerAlias www.dimitri-dumont.fr
DocumentRoot /home/dimitri/html
#Redirect permanent / https://www.dimitri-dumont.fr
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /home/dimitri/html>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride None
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerName dimitri-dumont.fr
ServerAlias www.dimitri-dumont.fr
ServerAdmin contact@imitri-dumont.fr
DocumentRoot /home/dimitri/html
<Directory /home/dimitri/html>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride none
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}access.log combined
</VirtualHost>
After that, I did:
sudo a2ensite dimitri-dumont.fr.conf
sudo service apache2 restart

Apache virtualhost configuration

I am trying to set up two virtual hosts (example.com.conf and test.com.conf):
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/example.com/public_html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
and
<VirtualHost *:80>
ServerAdmin admin@test.com
ServerName test.com
ServerAlias www.test.com
DocumentRoot /var/www/test.com/public_html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
The problem is that if I go to localhost in my browser, the website www.example.com is shown. If I type localhost/test.com, there is a not found error. My goal should be to address both websites with localhost/example.com and localhost/test.com.
Sounds like you could use the ServerPath directive for apache, in your case something like this should work:
<VirtualHost 127.0.0.1>
# primary vhost
DocumentRoot "/var/www/example.com"
RewriteEngine On
RewriteRule "." "/var/www/example.com/public_html"
# ...
</VirtualHost>
<VirtualHost 127.0.0.1>
DocumentRoot "/var/www/example.com/public_html"
ServerName localhost
ServerPath "/example/"
RewriteEngine On
RewriteRule "^(/sub1/.*)" "/var/www/example$1"
# ...
</VirtualHost>
<VirtualHost 127.0.0.1>
DocumentRoot "/var/www/test.com/public_html"
ServerName localhost
ServerPath "/test/"
RewriteEngine On
RewriteRule "^(/sub2/.*)" "/var/www/test$1"
# ...
</VirtualHost>
The first Vhost would be so that localhost defaults to example.com page.
If you want to browse to these folders under any virtual host, like http://localhost/test.com, then you simply need an alias directive inside a location tag appended to the end of any active virtual host:
<VirtualHost *:80>
ServerName localhost
ServerAdmin webmaster@localhost
DocumentRoot /var/www
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<Location "/example.com">
Alias "/var/www/example.com/public_html"
</Location>
<Location "/test.com">
Alias "/var/www/test.com/public_html"
</Location>
Or you can put it inside the virtual host if you don't want it available anywhere else:
<VirtualHost *:80>
ServerName localhost
ServerAdmin webmaster@localhost
DocumentRoot /var/www
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Location "/example.com">
Alias "/var/www/example.com/public_html"
</Location>
<Location "/test.com">
Alias "/var/www/test.com/public_html"
</Location>
</VirtualHost>

htaccess with virtualhost not working

I have a local dev Debx64 machine with a number of virtualhosts configured.
The primary URL is set as
<VirtualHost *:80>
ServerAdmin webmaster@blah.com
ServerName blah.com
ServerAlias blah.com
DocumentRoot /home/blah/v1.blah.com
<Directory /home/blah/v1.blah.com/>
AllowOverride All
Order allow,deny
allow from all
</Directory>
AccessFileName .htaccess
ErrorLog /home/blah/blah_logs/v1.blah.com.in-error_log
CustomLog /home/blah/blah_logs/v1.blah.com.in-access_log common
</VirtualHost>
and that redirects to the primary operating VH
<VirtualHost *:80>
ServerAdmin webmaster@blah.com
ServerName v1.blah.com
ServerAlias v1.blah.com
DocumentRoot /home/blah/v1.blah.com
<Directory /home/blah/v1.blah.com/>
AllowOverride All
Order allow,deny
allow from all
</Directory>
AccessFileName .htaccess
ErrorLog /home/blah/blah_logs/v1.blah.com.in-error_log
CustomLog /home/blah/blah_logs/v1.blah.com.in-access_log common
</VirtualHost>
I have a .htaccess set up on v1.blah.com to parse .html as .php
Options +ExecCGI
AddHandler php-fcgi .php .html
Action php-cgi /home/php5-fcgi
<FilesMatch "^php5?\.(ini|cgi)$">
Order Deny,Allow
Deny from All
Allow from env=REDIRECT_STATUS
</FilesMatch>
This works fine if I access the URL as v1.blah.com; however, if I access it as blah.com the .htaccess is not invoked and the .html is served as normal.
What am I missing? Is there something in php.ini that needs to be changed?
Is there a particular reason why you need to have two separate entries for your hosts? Seeing as they both use the same log files and DocumentRoot, could you not add blah.com to the ServerAlias list?
You would end up with the following configuration:
<VirtualHost *:80>
ServerAdmin webmaster@blah.com
ServerName v1.blah.com
ServerAlias v1.blah.com blah.com
DocumentRoot /home/blah/v1.blah.com
<Directory /home/blah/v1.blah.com/>
AllowOverride All
Order allow,deny
allow from all
</Directory>
AccessFileName .htaccess
ErrorLog /home/blah/blah_logs/v1.blah.com.in-error_log
CustomLog /home/blah/blah_logs/v1.blah.com.in-access_log common
</VirtualHost>
