Wildcard SSL difficulties.

Alex Dean alex at crackpot.org
Tue Jun 16 06:36:52 MST 2009


On Jun 15, 2009, at 10:37 PM, keith smith wrote:

> I'm working on a CentOS box that has a main site and several test
> sites set up as sub-domains.
>
> The main site has an SSL and is set up on an IP by itself.  The
> sub-domains are set up as virtual hosts.
>
> All is working well.
>
> The server is a managed server and we recently upgraded to a wild  
> card SSL so we can test the shopping cart on the test sites using an  
> SSL to catch any problems before we move the code to the live server.
>
> Up to this point I have been able to add new virtual hosts at will.   
> Basically all I have to do is copy one of the virtual server  
> definitions and change a few things like doc root and I'm off and  
> running.  Of course a DNS addition needs to occur also.

You can also add *.yourdomain.com to DNS, rather than manually adding A  
records for every single subdomain.  Can be a time-saver if you set up  
numerous subdomains.

>
>
> I assume to take advantage of the SSL each virtual server will need  
> to be on the same IP as the main site.

The opposite, actually.  You can only have 1 SSL-enabled site per IP  
address (unless you put them on non-standard ports), so you'll need  
separate IPs for each SSL-enabled site.

>
> The only virtual servers we have are sub-domains to the main site.
>
> Here is my problem. When I put the IP of the main site in the virtual
> server like this
>
> <VirtualHost 000.000.000.000:80>
>    ServerAdmin name at server.tld
>    DocumentRoot /home/docroot/public_html
>    ServerName docroot.domain.tld
>    ErrorLog /home/docroot/logs/error_log-docroot
>    CustomLog /home/docroot/logs/combined_log-docroot combined
>    Include "conf.d/notrace.conf"
> </VirtualHost>
>
> The main site will not load in my browser.  I do not recall the  
> exact message - something like "you do not have directory access  
> permission" or something like that.

I'm not sure what's going on there.  Could you post the actual  
configuration and the error messages?  Check in your error logs to  
verify which virtual host is responding to the request.  It might not  
be the one you're expecting.

The first VirtualHost you define for a given port number (like 80)  
becomes the default vhost for that port.  If you receive a request  
which doesn't match any of the ServerName or ServerAlias values in  
your vhosts, the request will be sent to the default virtual host.   
Make sure that your main site's VirtualHost appears before any others,  
and see if that makes any difference.

Also: I don't see anything in your question which relates to SSL.   
Did something get left out?

alex
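
The default-vhost fallthrough described in the reply above, as an added example that is not part of the original message: a simplified model of name-based matching that reports which vhost answers a given Host header and whether it was a real name match or the default. The sample config, hostnames and the documentation IP are constructed; the model assumes exact address:port matching and ignores `*`/`_default_` addresses and `NameVirtualHost`.

```python
import re
from fnmatch import fnmatch

# Constructed sample config (hypothetical names, documentation IP range).
SAMPLE_CONF = """
<VirtualHost 192.0.2.10:80>
    ServerName www.example.test
    ServerAlias example.test
    DocumentRoot /home/main/public_html
</VirtualHost>
<VirtualHost 192.0.2.10:80>
    ServerName shop-test.example.test
    ServerAlias *.dev.example.test
    DocumentRoot /home/shoptest/public_html
</VirtualHost>
"""

def parse_vhosts(conf):
    """Return vhosts in file order; order matters because the first one is the default."""
    vhosts = []
    for m in re.finditer(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", conf, re.S | re.I):
        body, names = m.group(2), []
        for d in re.finditer(r"^\s*Server(?:Name|Alias)\s+(.+)$", body, re.M | re.I):
            names.extend(n.lower() for n in d.group(1).split())
        root = re.search(r"^\s*DocumentRoot\s+(\S+)", body, re.M | re.I)
        vhosts.append({"addr": m.group(1).strip(), "names": names,
                       "docroot": root.group(1) if root else None})
    return vhosts

def resolve(vhosts, addr, host):
    """Return (vhost, matched_by_name) for a request to addr carrying this Host header."""
    host = host.split(":")[0].lower()          # drop any :port, compare case-insensitively
    candidates = [v for v in vhosts if v["addr"] == addr]
    if not candidates:
        return None, False
    for v in candidates:                       # first vhost whose name or alias matches wins
        if any(fnmatch(host, n) for n in v["names"]):   # ServerAlias may use wildcards
            return v, True
    return candidates[0], False                # no name matched: first-defined vhost answers

if __name__ == "__main__":
    vhosts = parse_vhosts(SAMPLE_CONF)
    for h in ("shop-test.example.test", "typo.example.test"):
        v, named = resolve(vhosts, "192.0.2.10:80", h)
        print(h, "->", v["docroot"], "(name match)" if named else "(DEFAULT vhost)")
```

A hostname that falls through to the default vhost is served the first site's content, which is why the order of definitions is worth checking when the wrong site or an unexpected permission error appears.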
More information about the PLUG-discuss mailing list