Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

SSL Certificates and Apache Virtual Hosts

Tags:

ssl

apache

virtual-hosts

I am encountering a very curious problem with my ubuntu server setup. I am running a few websites using a LAMP stack.

One of the websites has a dedicated ip and a comodo ssl certificate. The other websites are on a shared ip and use let'sencrypt ssl certificates.

Here's the virtual host config for the website on the dedicated ip:

# domain: example.com
# public: /home/myhomefolder/public/example.com/

<VirtualHost actual_dedicated_ip:80>
  # Admin email, Server Name (domain name), and any aliases
  ServerAdmin [email protected]
  ServerName  www.example.com
  ServerAlias example.com
  Redirect permanent / https://www.example.com/
  # Index file and Document Root (where the public files are located)
  DirectoryIndex index.html index.php
  DocumentRoot /home/myhomefolder/public/example.com/public

  # Log file locations
  LogLevel warn
  ErrorLog  /home/myhomefolder/public/example.com/log/error.log
  CustomLog /home/myhomefolder/public/example.com/log/access.log combined
</VirtualHost>
<VirtualHost actual_dedicated_ip:443>
     SSLEngine On
     SSLProtocol ALL -SSLv2 -SSLv3
     SSLHonorCipherOrder On
     SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
     SSLCertificateFile /etc/apache2/ssl/www.example.com.crt
     SSLCertificateKeyFile /etc/apache2/ssl/www.example.com.key
     SSLCertificateChainFile /etc/apache2/ssl/www.example.com.ca-bundle
     <Directory /home/myhomefolder/public/example.com/public>
       Require all granted
       AllowOverride ALL
     </Directory>     
     ServerAdmin [email protected]
     ServerName example.com
     DocumentRoot /home/myhomefolder/public/example.com/public
     ErrorLog /home/myhomefolder/public/example.com/log/https_error.log
     CustomLog /home/myhomefolder/public/example.com/log/https_access.log combined
</VirtualHost>

Everything works fine except on specific networks (so far I can only reproduce this on my iphone when connected to Verizon LTE but not when connected to wifi) I get either an error saying "Safari cannot open the page because too many redirects occurred" or I get a prompt with "cannot verify server identity" and the certificate details is for another websites on the same host but a different ip.

Any ideas of what may be causing this?

like image 807
scuttle-jesuit Avatar asked Mar 08 '26 05:03

scuttle-jesuit

1 Answers

So I finally got to the bottom of this. It looks like verizon is using ipv6 and my vhost had only ipv4 configuration. As soon as I added my ipv6 ip in my vhost, the problem went away.

like image 175
scuttle-jesuit Avatar answered Mar 09 '26 21:03

scuttle-jesuit
Sign in to Comment

Related questions

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!