Help with SSL for Multiple Domains (Virtual Hosts) LAMP + Cloudflare

December 16, 2018
Apache Ubuntu

I have 5 domains set up as virtual hosts on LAMP.

They work fine for HTTP but I can't work out how to configure the config files to work for SSL for each domain.

At the moment, each domain has its own virtual host config file.

I'm using Cloudflare CDN and my nameservers go via Cloudflare. I also use Cloudflare SSL and have set up a 'to server' SSL via Cloudflare on one of my domains.

To do this I set that domain's config file with the 443 channel and this snippet of code (which works great):

SSLEngine on
SSLCertificateFile /etc/ssl-cloudflare/filename.com.au.pem
SSLCertificateKeyFile /etc/ssl-cloudflare/filename.com.au.key

Unfortunately, when I go into the config file of another virtual host domain and do the same setup, after uploading a new .pem and .key from Cloudflare, it doesn't work and SSL URLs to the new domain redirect to the first domain.

I understand this might be something to do with the order of virtual host files and that 443 only works once?

I'm thinking perhaps I should include all my SSL configs for all domains in a single config file rather than all in separate virtual host config files as they are for non-SSL.

This is where I've fallen over though. I just can't find a good example config for this setup.

Can anyone provide me with a working example file of an SSL setup with multiple domains and multiple .pem and .key files (one for each domain) on a single droplet and IP?

If I'm heading down the wrong track, can you give me example code of the right track?

I'm new to this, but learning fast.

Thanks all.

1 Answer

Hey friend,

This behavior here generally indicates that the virtual host in question isn't listening on 443:

"after uploading a new .pem and .key from Cloudflare, it doesn't work and SSL URLs to the new domain redirect to the first domain."

Make sure you're restarting the web server each time. You can have any number of sites on 443 just the same as 80, but if the site you're visiting has no virtual host for port 443 then your visit will be directed to the first virtual host in line that does have a 443 listener enabled.

Jarland
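
The layout described in the answer above, as an added example that is not part of the original question or answer: each site keeps its own config file, and each file carries its own port 443 virtual host with that domain's certificate pair. The domain names, file names and document roots are placeholders; the /etc/ssl-cloudflare directory is the one used in the question.

```apache
# /etc/apache2/sites-available/example-one.conf   (placeholder file name)
# Assumes mod_ssl is enabled (a2enmod ssl), which on a stock Ubuntu
# install makes ports.conf add "Listen 443".

<VirtualHost *:80>
    ServerName example-one.test
    ServerAlias www.example-one.test
    DocumentRoot /var/www/example-one
</VirtualHost>

<VirtualHost *:443>
    # Apache picks the 443 virtual host by matching the requested
    # hostname against ServerName/ServerAlias.
    ServerName example-one.test
    ServerAlias www.example-one.test
    DocumentRoot /var/www/example-one

    SSLEngine on
    SSLCertificateFile    /etc/ssl-cloudflare/example-one.test.pem
    SSLCertificateKeyFile /etc/ssl-cloudflare/example-one.test.key
</VirtualHost>

# /etc/apache2/sites-available/example-two.conf   (placeholder file name)
# Same pattern with the second domain's own certificate and key.
# Without this *:443 block, HTTPS requests for example-two.test are
# answered by the first 443 virtual host Apache loaded.

<VirtualHost *:80>
    ServerName example-two.test
    ServerAlias www.example-two.test
    DocumentRoot /var/www/example-two
</VirtualHost>

<VirtualHost *:443>
    ServerName example-two.test
    ServerAlias www.example-two.test
    DocumentRoot /var/www/example-two

    SSLEngine on
    SSLCertificateFile    /etc/ssl-cloudflare/example-two.test.pem
    SSLCertificateKeyFile /etc/ssl-cloudflare/example-two.test.key
</VirtualHost>

# Keep each .key file readable by root only (for example mode 600).
```

After enabling both sites with a2ensite, `sudo apache2ctl configtest` checks the syntax and `sudo apache2ctl -S` lists which virtual host answers for each name on port 443. Restart Apache once both look right.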
