Adding myDomain.net to an existing droplet which already has myDomain.com (apache web server, lamp-ubuntu-s) and certificate
creating myDomain.conf & myDomain-le-ssl.conf virtual hosts.
Do I only need one certificate for each droplet?
and do these look ok?
myDomain.net.conf
<VirtualHost *:80>
ServerAdmin admin@myDomain.com
ServerName myDomain.net
ServerAlias www.myDomain.net
DocumentRoot /var/www/myDomain.net/public_html
<Directory /var/www/myDomain.net/public_html/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<IfModule mod_dir.c>
DirectoryIndex index.php index.pl index.cgi index.html index.xhtml index.htm
</IfModule>
RewriteEngine on
RewriteCond %{SERVER_NAME} =myDomain.net
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
myDomain-le-ssl.net.conf
IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin admin@myDomain.com
ServerName myDomain.net
ServerAlias www.myDomain.net
DocumentRoot /var/www/myDomain.net/public_html
<Directory /var/www/myDomain.net/public_html/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<IfModule mod_dir.c>
DirectoryIndex index.php index.pl index.cgi index.html index.xhtml index.htm
</IfModule>
#ServerName myDomain.net
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/myDomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myDomain.com/privkey.pem
</VirtualHost>
</IfModule>
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Featured on Community
Get our biweekly newsletter
Sign up for Infrastructure as a Newsletter.
Hollie's Hub for Good
Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.
Become a contributor
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
Heya @fingers,
You’ll need to have separate SSL certificates for your Domains, even if they share the same App which they don’t but still wanted to make sure. You’ll still need a new SSL for each of your Domains.
As for the Apache configurations. They look good with the exception of
as they call to the .com domain.
What you can try is for now to disable/rename the SSL/443 conf file and then try to use
cerbotwhich can also automatically create the conf for you with the proper certificate file.Hi there!
Let’s break down your question and address the configuration issues:
The Main Question: Do you need separate certificates?
Yes, ideally you should have separate SSL certificates for each domain. While you can technically use a single certificate with multiple domains (using Subject Alternative Names), best practices suggest separate certificates for the following reasons:
Configuration Review:
Your configuration files (
.conf) look good!One thing that you should consider is using a tool like Certbot to obtain an SSL certificate specifically for
myDomain.net. That way you don’t have to manually install your certificates or manually renew them:As a side note, every time you make a change to Apache, make sure to reload/restart it.
Hope that this helps!
Best,
Bobby