Related

.htaccess file has the wrong version Question Question
Site is not responding, just loads and loads Question Question

Question

SSL Certificate on one website interferes with all the other websites on the same droplet which do not have an SSL Certificate.

Posted April 21, 2016 10.7k views
UbuntuApacheDigitalOcean

Hello,

I have the following problem. I have about a dozen websites running on one droplet with the help of virtual hosts. I have installed an SSL Certificate on just one of them and it works great. Now the issue is:

Let:
SITE-SSL be the website with the SSL Certificate installed and
SITE-NO-SSL be any of the other websites with no SSL Certificate on the same droplet

If i browse to SITE-NO-SSL with https:// instead of http:// , I would normally want nothing to happen, maybe get a 404 or redirect to http:// , but instead this happens:

http://stinseid.net/img/prob1.jpg
http://stinseid.net/img/prob2.jpg

Okay, so then the weird part is, if I click on proceed, it takes me to SITE-SSL but the domain doesn’t change and I can browse through SITE-SSL with the URL still being the one from SITE-NO-SSL.

Of course, I want to get rid of this as soon as possible, but I couldn’t come up with any solution. Why would the websites with no SSL somehow be connected to the website with SSL.

My configuration is as follows:

I am running a LAMP stack on Ubuntu 14.04.
All the websites with no SSL have a .conf file that looks like this:

<VirtualHost *:80>

        ServerAdmin admin@mysite.com
        ServerName mysite
        ServerAlias www.mysite.com
        DocumentRoot /var/www/mysite.com/public

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

And the .conf for the website with SSL looks like this:

<VirtualHost *:80>
   ServerName mysite-ssl.com
   Redirect permanent / https://mysite-ssl.com/
</VirtualHost>

<VirtualHost *:443>

        ServerAdmin admin@mysite-ssl.com
        ServerName mysite-ssl.com
        ServerAlias www.mysite-ssl.com
        DocumentRoot /var/www/mysite-ssl.com/public
        SSLEngine on

        SSLCertificateFile /path/to
        SSLCertificateKeyFile /path/to
        SSLCertificateChainFile /path/to

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

I suspect that this <VirtualHost *:443> is not contained to this particular virtual host and whenever i access https:// for any domain on this droplet it comes through this virtual host that listens to 443 and shows the content of this website, that has the SSL Certificate.

I tried putting a <VirtualHost *:443> inside the .conf file for the non-SSL websites where I would redirect to http:// , but then the apache service wouldn’t run and the error log would say this:

Command line: '/usr/sbin/apache2'
AH00169: caught SIGTERM, shutting down
AH02240: Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] (/etc/apache2/sites-enabled/mysite.com.conf:1)
AH02312: Fatal error initialising mod_ssl, exiting.
AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)

This is it. I really don’t know how to solve this. I hope someone knows something about this problem.

Add a comment
uagamaga
By:
uagamaga
Add a comment
1 comment
  • lordzden February 15, 2018
    Reply Report

    Hello, Can you please share the code or solution for this issue. I am currently facing this same problem. The problem is I have zero knowledge about this.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
3 answers
jsamuel April 22, 2016

What you’re seeing here is due to how the SSL protocol works.

When a browser makes an https:// request for a domain, it first connects to the server over the SSL port (port 443). Only after it connects to the SSL port of the server does it begin the SSL protocol where it asks the server to provide the site’s SSL certificate.

As a result, if one site on a server has SSL enabled, if you go to the “https://” URL of any site on the server, the browser will immediately attempt to secure the connection and will check the certificate the server sends back. You can’t get a 404 page or a redirect until after the connection is secured by the browser.

So, you’re only option for any sites that don’t have their own valid SSL certificate is to let the user see a warning about an untrusted certificate when those sites are accessed with “https:// URLs. If you don’t want one of the real site’s domains to be shown in the SSL certificate information in the warning they see, you can use a self-signed certificate with a fake name. But visitors will still see scary untrusted site warnings in the browser in that case.

The only way to entirely avoid the SSL warnings on your servers for sites without their own SSL cert is to either a) use a valid SSL cert for each domain, or b) host your non-SSL sites on a separate server where there are no SSL sites at all.

Reply Report
newbie April 22, 2016

i think you need to install self signed ssl for all the non ssl sites. then after giving warning it will take you to the correct location.

Reply Report
Phiber April 25, 2016

Will need to put SSL sites each on their own IP and not as VHost.

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help