Question

Remove SSL from Apache on Ubunutu and reset VirtualHosts

I’ve previously setup SSL certificates using Let’s Encrypt on my main domain and various subdomains. The subdomains are on the same droplet, using Virtual Hosts.

Now, however, I have my certificates served via CloudFlare with Full encryption. It looks like my domains and subdomains are all serving certificates from Cloudflare now, instead of Digital Ocean.

I can’t add a new subdomain in the virtual hosts the same as before, and was wondering if there was a way to reset it?

What I would like to do is have my main domain, https://dhruveonmars.com still be the primary route, and fallback for any subdomains that don’t exist. However, it would go to https://dev1.dhruveonmars.com if I added that virtual host, etc. From what I understand, that would partially mean changing the hosts file for dhruveonmars.com, from dhruveonmars.com.conf to 000-dhruveonmars.com.conf.

But I’m not entirely too sure on how to get started on removing the DO/Let’s Encrypt SSL stuff, without affecting my live sites, and changing my hosts order around.

If I run apache2ctl -S, I get this:

VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server dhruveonmars.com (/etc/apache2/sites-enabled/dhruveonmars.com-le-ssl.conf:2)
         port 443 namevhost dhruveonmars.com (/etc/apache2/sites-enabled/dhruveonmars.com-le-ssl.conf:2)
                 alias www.dhruveonmars.com
         port 443 namevhost www.enquiry.dhruveonmars.com (/etc/apache2/sites-enabled/enquiry.dhruveonmars.com-le-ssl.conf:2)
                 alias enquiry.dhruveonmars.com
         port 443 namevhost www.preview.dhruveonmars.com (/etc/apache2/sites-enabled/preview.dhruveonmars.com-le-ssl.conf:2)
                 alias preview.dhruveonmars.com
         port 443 namevhost www.tloi.dhruveonmars.com (/etc/apache2/sites-enabled/tloi.dhruveonmars.com-le-ssl.conf:2)
                 alias tloi.dhruveonmars.com
         port 443 namevhost www.writing.dhruveonmars.com (/etc/apache2/sites-enabled/writing.dhruveonmars.com-le-ssl.conf:2)
                 alias writing.dhruveonmars.com
*:80                   is a NameVirtualHost
         default server dhruveonmars.com (/etc/apache2/sites-enabled/dhruveonmars.com.conf:1)
         port 80 namevhost dhruveonmars.com (/etc/apache2/sites-enabled/dhruveonmars.com.conf:1)
                 alias www.dhruveonmars.com
         port 80 namevhost www.enquiry.dhruveonmars.com (/etc/apache2/sites-enabled/enquiry.dhruveonmars.com.conf:1)
                 alias enquiry.dhruveonmars.com
         port 80 namevhost www.preview.dhruveonmars.com (/etc/apache2/sites-enabled/preview.dhruveonmars.com.conf:1)
                 alias preview.dhruveonmars.com
         port 80 namevhost www.tloi.dhruveonmars.com (/etc/apache2/sites-enabled/tloi.dhruveonmars.com.conf:1)
                 alias tloi.dhruveonmars.com
         port 80 namevhost www.writing.dhruveonmars.com (/etc/apache2/sites-enabled/writing.dhruveonmars.com.conf:1)
                 alias writing.dhruveonmars.com
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

Any help is greatly appreciated


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Hi there @dhruveonmars,

If you want to keep using Cloudflare with Full encryption you still need the certificates on your server.

If you decide to remove the certificates from your server, then you would need to change the Cloudflare SSL to Flexible rather then Full.

In order to remove the certificates, you could use the sudo certbot delete command. However note that this only deletes the certificate files, and then you would need to manually sort out your Apache Virtual Hosts and adjust the configuration accordingly.

Doing this for a large number of sites could be time-consuming, I would recommend just keeping the files as they are, this should not really cause any issues for your sites.

Regarding the default Vhost, what you could do is just rename the Vhost for your main site from dhruveonmars.com.conf to 000-dhruveonmars.com.conf and as it starts with numbers, it should be the first VHost that is loaded in case that there are no other matches.

Hope that this helps! Regards, Bobby