I’ve previously set up SSL certificates using Let’s Encrypt on my main domain and various subdomains. The subdomains are on the same droplet, using Virtual Hosts.

Now, however, I have my certificates served via CloudFlare with Full encryption. It looks like my domains and subdomains are all serving certificates from Cloudflare now, instead of Digital Ocean.

I can’t add a new subdomain in the virtual hosts the same as before, and was wondering if there was a way to reset it?

What I would like to do is have my main domain, https://dhruveonmars.com still be the primary route, and fallback for any subdomains that don’t exist. However, it would go to https://dev1.dhruveonmars.com if I added that virtual host, etc. From what I understand, that would partially mean changing the hosts file for dhruveonmars.com, from dhruveonmars.com.conf to 000-dhruveonmars.com.conf.

But I’m not entirely too sure on how to get started on removing the DO/Let’s Encrypt SSL stuff, without affecting my live sites, and changing my hosts order around.

If I run apache2ctl -S, I get this:

VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server dhruveonmars.com (/etc/apache2/sites-enabled/dhruveonmars.com-le-ssl.conf:2)
         port 443 namevhost dhruveonmars.com (/etc/apache2/sites-enabled/dhruveonmars.com-le-ssl.conf:2)
                 alias www.dhruveonmars.com
         port 443 namevhost www.enquiry.dhruveonmars.com (/etc/apache2/sites-enabled/enquiry.dhruveonmars.com-le-ssl.conf:2)
                 alias enquiry.dhruveonmars.com
         port 443 namevhost www.preview.dhruveonmars.com (/etc/apache2/sites-enabled/preview.dhruveonmars.com-le-ssl.conf:2)
                 alias preview.dhruveonmars.com
         port 443 namevhost www.tloi.dhruveonmars.com (/etc/apache2/sites-enabled/tloi.dhruveonmars.com-le-ssl.conf:2)
                 alias tloi.dhruveonmars.com
         port 443 namevhost www.writing.dhruveonmars.com (/etc/apache2/sites-enabled/writing.dhruveonmars.com-le-ssl.conf:2)
                 alias writing.dhruveonmars.com
*:80                   is a NameVirtualHost
         default server dhruveonmars.com (/etc/apache2/sites-enabled/dhruveonmars.com.conf:1)
         port 80 namevhost dhruveonmars.com (/etc/apache2/sites-enabled/dhruveonmars.com.conf:1)
                 alias www.dhruveonmars.com
         port 80 namevhost www.enquiry.dhruveonmars.com (/etc/apache2/sites-enabled/enquiry.dhruveonmars.com.conf:1)
                 alias enquiry.dhruveonmars.com
         port 80 namevhost www.preview.dhruveonmars.com (/etc/apache2/sites-enabled/preview.dhruveonmars.com.conf:1)
                 alias preview.dhruveonmars.com
         port 80 namevhost www.tloi.dhruveonmars.com (/etc/apache2/sites-enabled/tloi.dhruveonmars.com.conf:1)
                 alias tloi.dhruveonmars.com
         port 80 namevhost www.writing.dhruveonmars.com (/etc/apache2/sites-enabled/writing.dhruveonmars.com.conf:1)
                 alias writing.dhruveonmars.com
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

Any help is greatly appreciated

1 answer

Hi there @dhruveonmars,

If you want to keep using Cloudflare with Full encryption you still need the certificates on your server.

If you decide to remove the certificates from your server, then you would need to change the Cloudflare SSL to Flexible rather than Full.

In order to remove the certificates, you could use the sudo certbot delete command. However, note that this only deletes the certificate files, and then you would need to manually sort out your Apache Virtual Hosts and adjust the configuration accordingly.

Doing this for a large number of sites could be time-consuming, so I would recommend just keeping the files as they are; this should not really cause any issues for your sites.

Regarding the default Vhost, what you could do is just rename the Vhost for your main site from dhruveonmars.com.conf to 000-dhruveonmars.com.conf and as it starts with numbers, it should be the first VHost that is loaded in case there are no other matches.

Hope that this helps!
Regards,
Bobby

  • Hey Bobby, thanks for responding and the advice.

    To rename, can I just rename the vhosts files to 000-dhruveonmars.com.conf in sites enabled/available, and then restart apache?

    Deleting or updating the files/configs shouldn’t be a problem as I only have about 5 sites on there.
    The main thing I was looking for was how to sort out the apache virtual hosts files and configurations, as I assume leaving the certificates on the server and not using them will not make a difference?

    • Hi there @dhruveonmars,

      What you could do is rename the config file in your sites-available folder, then remove the symlink from the sites-enabled folder with the unlink command.

      After that, create a new symlink with the ln -s command or use the a2ensite command to enable the site.

      Let me know how it goes!
      Regards,
      Bobby
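
The rename steps discussed in this thread, as an added example that is not part of any post: it renames a vhost file, re-points its sites-enabled symlink, and reports which file now sorts first. The function names are hypothetical and the /etc/apache2 layout is assumed from the apache2ctl -S output in the question; that output also shows the port 443 default coming from the -le-ssl.conf file, so that file is renamed as well (a new dev1.dhruveonmars.com-le-ssl.conf would otherwise sort ahead of it).

```shell
#!/bin/sh
# Added example: paths assume the Debian/Ubuntu layout shown in the
# apache2ctl -S output above; function names are hypothetical.
APACHE_DIR="${APACHE_DIR:-/etc/apache2}"

# Rename sites-available/NAME to 000-NAME and re-point its sites-enabled
# symlink, so the file sorts first when Apache includes sites-enabled/*.conf.
prefix_vhost() {
    name="$1"
    avail="$APACHE_DIR/sites-available"
    enabled="$APACHE_DIR/sites-enabled"
    if [ ! -f "$avail/$name" ]; then
        echo "no such vhost file: $avail/$name" >&2
        return 1
    fi
    if [ -e "$avail/000-$name" ]; then
        echo "refusing to overwrite $avail/000-$name" >&2
        return 1
    fi
    mv "$avail/$name" "$avail/000-$name"
    if [ -L "$enabled/$name" ]; then
        unlink "$enabled/$name"
        ln -s "../sites-available/000-$name" "$enabled/000-$name"
    fi
}

# Print the first enabled file whose name matches the grep pattern $1.
# Files are included in alphabetical order, and the first vhost read for an
# address:port becomes its default server.
first_enabled() {
    ls "$APACHE_DIR/sites-enabled" | LC_ALL=C sort | grep -- "$1" | head -n 1
}

# On the server (as root), both the port 80 and the port 443 file are renamed:
#   prefix_vhost dhruveonmars.com.conf
#   prefix_vhost dhruveonmars.com-le-ssl.conf
#   apache2ctl configtest && systemctl reload apache2
#   apache2ctl -S    # "default server" lines should now point at the 000- files
```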
