Apache2 Virtual domain servers and diffrent certificates from Let's Encrypt

espenbo · June 30, 2020, 11:53am

Nextcloud version (eg, 18.0.2): 18.06
Operating system and version (eg, Ubuntu 20.04):debian 10.4
Apache or nginx version (eg, Apache 2.4.25): Apache/2.4.38 (Debian)
PHP version (eg, 7.1):php 7.3

The issue you are facing:
I have made a domain with some sub domains.

But when I try to go to https://www.stormautomasjon.no or https://svn.stormautomasjon.no

the certificates from cloud.stormautomasjon.no is used.

Is this the first time you’ve seen this error? (Y/N): Trying to resolv it for some days

The output of your Apache/nginx/system log in /var/log/____:

/var/log/apache2# cat nextcloud_access.log 
84.213.107.109 - - [30/Jun/2020:13:38:50 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 74
84.213.107.109 - - [30/Jun/2020:13:38:50 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 74
84.213.107.109 - - [30/Jun/2020:13:38:59 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 74
84.213.107.109 - - [30/Jun/2020:13:39:00 +0200] "GET / HTTP/1.1" 302 -
84.213.107.109 - - [30/Jun/2020:13:39:00 +0200] "GET /index.php/apps/files/ HTTP/1.1" 200 11643
84.213.107.109 - - [30/Jun/2020:13:39:01 +0200] "GET /index.php/css/icons/icons-vars.css?v=1593517089 HTTP/1.1" 200 35197
84.213.107.109 - - [30/Jun/2020:13:39:01 +0200] "GET /apps/maps/js/filetypes.js?v=95f1882e-25 HTTP/1.1" 302 -
84.213.107.109 - - [30/Jun/2020:13:39:01 +0200] "GET /index.php/apps/terms_of_service/terms HTTP/1.1" 200 3708
84.213.107.109 - - [30/Jun/2020:13:39:01 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 74
84.213.107.109 - - [30/Jun/2020:13:39:01 +0200] "GET /index.php/apps/files/ HTTP/1.1" 200 11639
84.213.107.109 - - [30/Jun/2020:13:39:01 +0200] "GET /ocs/v2.php/apps/guests/api/v1//groups HTTP/1.1" 200 200
84.213.107.109 - - [30/Jun/2020:13:39:02 +0200] "GET /index.php/apps/apporder/getOrder HTTP/1.1" 200 43
84.213.107.109 - - [30/Jun/2020:13:39:02 +0200] "GET /index.php/apps/files_readmemd/config HTTP/1.1" 200 196
84.213.107.109 - - [30/Jun/2020:13:39:02 +0200] "GET /index.php/apps/quickaccesssorting/api/v1/get/SortingStrategy HTTP/1.1" 200 13
84.213.107.109 - - [30/Jun/2020:13:39:02 +0200] "GET /index.php/apps/w2g2/color?type=color HTTP/1.1" 200 8
84.213.107.109 - - [30/Jun/2020:13:39:02 +0200] "GET /index.php/apps/w2g2/color?type=fontcolor HTTP/1.1" 200 8
84.213.107.109 - - [30/Jun/2020:13:39:02 +0200] "GET /index.php/apps/w2g2/directory-lock HTTP/1.1" 200 23
84.213.107.109 - - [30/Jun/2020:13:39:02 +0200] "GET /index.php/apps/quickaccesssorting/api/v1/get/CustomSortingOrder HTTP/1.1" 200 2
84.213.107.109 - - [30/Jun/2020:13:39:02 +0200] "GET /index.php/apps/drawio/ajax/settings HTTP/1.1" 200 169
84.213.107.109 - - [30/Jun/2020:13:39:02 +0200] "GET /index.php/apps/onlyoffice/ajax/settings HTTP/1.1" 200 2775
84.213.107.109 - - [30/Jun/2020:13:39:02 +0200] "GET /index.php/apps/ocr/api/personal/languages HTTP/1.1" 200 2
84.213.107.109 - - [30/Jun/2020:13:39:02 +0200] "GET /ocs/v2.php/apps/text/workspace?path=%2F HTTP/1.1" 200 167
84.213.107.109 - - [30/Jun/2020:13:39:02 +0200] "PROPFIND /remote.php/dav/files/ekb/ HTTP/1.1" 207 9495
84.213.107.109 - - [30/Jun/2020:13:39:02 +0200] "GET /index.php/apps/systemtags/lastused HTTP/1.1" 200 2
84.213.107.109 - - [30/Jun/2020:13:39:02 +0200] "GET /index.php/apps/files/ajax/getstoragestats.php?dir=%2F HTTP/1.1" 200 216
84.213.107.109 - - [30/Jun/2020:13:39:02 +0200] "GET /index.php/apps/recommendations/api/recommendations HTTP/1.1" 200 1112
84.213.107.109 - - [30/Jun/2020:13:39:02 +0200] "GET /index.php/apps/w2g2/lock?files=%5B%5B%22411%22%2C%22Documents%22%2Cnull%2C%22%22%2Cnull%2C%22dir%22%5D%2C%5B%22397%22%2C%22Photos%22%2Cnull%2C%22%22%2Cnull%2C%22dir%22%5D%2C%5B%221719%22%2C%22StormAutomasjon%22%2Cnull%2C%22%22%2C%22group%22%2C%22dir%22%5D%2C%5B%22410%22%2C%22Nextcloud.png%22%2Cnull%2C%22%22%2Cnull%2C%22file%22%5D%2C%5B%22396%22%2C%22Nextcloud+intro.mp4%22%2Cnull%2C%22%22%2Cnull%2C%22file%22%5D%2C%5B%22416%22%2C%22Nextcloud+Manual.pdf%22%2Cnull%2C%22%22%2Cnull%2C%22file%22%5D%2C%5B%222009%22%2C%22Readme.md%22%2Cnull%2C%22%22%2Cnull%2C%22file%22%5D%2C%5B%221703%22%2C%22test_Spreadsheet.xlsx%22%2Cnull%2C%22%22%2Cnull%2C%22file%22%5D%5D&folder=%2F HTTP/1.1" 200 364
84.213.107.109 - - [30/Jun/2020:13:39:02 +0200] "GET /index.php/core/preview?fileId=2009&c=6fe68a7e43becce00a5de8defc70cab3&x=250&y=250&forceIcon=0 HTTP/1.1" 404 2
84.213.107.109 - - [30/Jun/2020:13:39:02 +0200] "GET /index.php/core/preview?fileId=2009&x=32&y=32 HTTP/1.1" 404 2
84.213.107.109 - - [30/Jun/2020:13:39:02 +0200] "GET /index.php/apps/text/session/create?fileId=2009&guestName=Wax+Bean&forceRecreate=false HTTP/1.1" 200 357
84.213.107.109 - - [30/Jun/2020:13:39:13 +0200] "GET /apps/text/js/vendors~editor-collab~editor-guest~editor-rich~files-modal.js?v=636bd6ad41e8bf3c3cf5 HTTP/1.1" 200 7474
84.213.107.109 - - [30/Jun/2020:13:39:13 +0200] "GET /apps/text/js/vendors~editor-collab~editor-guest.js?v=3cb71a64fe185245a960 HTTP/1.1" 200 22954
84.213.107.109 - - [30/Jun/2020:13:39:13 +0200] "GET /apps/text/js/editor-collab.js?v=f806cefec5fe9c40d21c HTTP/1.1" 200 6492
84.213.107.109 - - [30/Jun/2020:13:39:13 +0200] "GET /apps/text/js/vendors~editor-rich.js?v=ca49d7b0bdf9d768d404 HTTP/1.1" 200 19420
84.213.107.109 - - [30/Jun/2020:13:39:13 +0200] "GET /index.php/apps/text/session/fetch?documentId=2009&sessionId=4&sessionToken=IMEdteE0SWb9nFvTHl1on1d3BO%2BGhcLGYENlyG2QVuMKmGR7oB%2Fj15xctY1DRcBt HTTP/1.1" 200 1
84.213.107.109 - - [30/Jun/2020:13:39:13 +0200] "GET /apps/text/js/editor-rich.js?v=8e9b7804c676de7e040a HTTP/1.1" 200 7849
84.213.107.109 - - [30/Jun/2020:13:39:13 +0200] "POST /index.php/apps/text/session/sync HTTP/1.1" 200 313
84.213.107.109 - - [30/Jun/2020:13:39:19 +0200] "POST /index.php/apps/text/session/sync HTTP/1.1" 200 313
84.213.107.109 - - [30/Jun/2020:13:39:20 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 74
84.213.107.109 - - [30/Jun/2020:13:39:20 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 74
84.213.107.109 - - [30/Jun/2020:13:39:25 +0200] "POST /index.php/apps/text/session/sync HTTP/1.1" 200 313
84.213.107.109 - - [30/Jun/2020:13:39:29 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 74
84.213.107.109 - - [30/Jun/2020:13:39:32 +0200] "POST /index.php/apps/text/session/sync HTTP/1.1" 200 313
84.213.107.109 - - [30/Jun/2020:13:39:32 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 74
84.213.107.109 - - [30/Jun/2020:13:39:38 +0200] "POST /index.php/apps/text/session/sync HTTP/1.1" 200 313
84.213.107.109 - - [30/Jun/2020:13:39:43 +0200] "POST /index.php/apps/text/session/sync HTTP/1.1" 200 313
84.213.107.109 - - [30/Jun/2020:13:39:49 +0200] "POST /index.php/apps/text/session/sync HTTP/1.1" 200 313
84.213.107.109 - - [30/Jun/2020:13:39:50 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 74
84.213.107.109 - - [30/Jun/2020:13:39:50 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 74
84.213.107.109 - - [30/Jun/2020:13:39:55 +0200] "POST /index.php/apps/text/session/sync HTTP/1.1" 200 313
84.213.107.109 - - [30/Jun/2020:13:39:59 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 74
84.213.107.109 - - [30/Jun/2020:13:40:01 +0200] "POST /index.php/apps/text/session/sync HTTP/1.1" 200 313
84.213.107.109 - - [30/Jun/2020:13:40:01 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 74
84.213.107.109 - - [30/Jun/2020:13:40:07 +0200] "POST /index.php/apps/text/session/sync HTTP/1.1" 200 313
84.213.107.109 - - [30/Jun/2020:13:40:13 +0200] "POST /index.php/apps/text/session/sync HTTP/1.1" 200 313
84.213.107.109 - - [30/Jun/2020:13:40:19 +0200] "POST /index.php/apps/text/session/sync HTTP/1.1" 200 313
84.213.107.109 - - [30/Jun/2020:13:40:20 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 74
84.213.107.109 - - [30/Jun/2020:13:40:20 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 74
84.213.107.109 - - [30/Jun/2020:13:40:26 +0200] "POST /index.php/apps/text/session/sync HTTP/1.1" 200 313
84.213.107.109 - - [30/Jun/2020:13:40:29 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 74
84.213.107.109 - - [30/Jun/2020:13:40:32 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 74
84.213.107.109 - - [30/Jun/2020:13:40:32 +0200] "POST /index.php/apps/text/session/sync HTTP/1.1" 200 313
84.213.107.109 - - [30/Jun/2020:13:40:37 +0200] "POST /index.php/apps/text/session/sync HTTP/1.1" 200 313
84.213.107.109 - - [30/Jun/2020:13:40:43 +0200] "POST /index.php/apps/text/session/sync HTTP/1.1" 200 313
84.213.107.109 - - [30/Jun/2020:13:40:49 +0200] "POST /index.php/apps/text/session/sync HTTP/1.1" 200 313
84.213.107.109 - - [30/Jun/2020:13:40:50 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 74
84.213.107.109 - - [30/Jun/2020:13:40:51 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 74
84.213.107.109 - - [30/Jun/2020:13:40:55 +0200] "POST /index.php/apps/text/session/sync HTTP/1.1" 200 313
84.213.107.109 - - [30/Jun/2020:13:40:59 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 74
84.213.107.109 - - [30/Jun/2020:13:41:01 +0200] "POST /index.php/apps/text/session/sync HTTP/1.1" 200 313
84.213.107.109 - - [30/Jun/2020:13:41:01 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 74
84.213.107.109 - - [30/Jun/2020:13:41:07 +0200] "POST /index.php/apps/text/session/sync HTTP/1.1" 200 313
84.213.107.109 - - [30/Jun/2020:13:41:14 +0200] "POST /index.php/apps/text/session/sync HTTP/1.1" 200 313
84.213.107.109 - - [30/Jun/2020:13:41:19 +0200] "POST /index.php/apps/text/session/sync HTTP/1.1" 200 313
84.213.107.109 - - [30/Jun/2020:13:41:20 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 74
84.213.107.109 - - [30/Jun/2020:13:41:21 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 74
84.213.107.109 - - [30/Jun/2020:13:41:25 +0200] "POST /index.php/apps/text/session/sync HTTP/1.1" 200 313
84.213.107.109 - - [30/Jun/2020:13:41:29 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 74
84.213.107.109 - - [30/Jun/2020:13:41:31 +0200] "POST /index.php/apps/text/session/sync HTTP/1.1" 200 313
84.213.107.109 - - [30/Jun/2020:13:41:32 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 74
84.213.107.109 - - [30/Jun/2020:13:41:37 +0200] "POST /index.php/apps/text/session/sync HTTP/1.1" 200 313
84.213.107.109 - - [30/Jun/2020:13:41:44 +0200] "POST /index.php/apps/text/session/sync HTTP/1.1" 200 313
84.213.107.109 - - [30/Jun/2020:13:41:49 +0200] "POST /index.php/apps/text/session/sync HTTP/1.1" 200 313
84.213.107.109 - - [30/Jun/2020:13:41:50 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 74
84.213.107.109 - - [30/Jun/2020:13:41:51 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 74
84.213.107.109 - - [30/Jun/2020:13:41:55 +0200] "POST /index.php/apps/text/session/sync HTTP/1.1" 200 313
84.213.107.109 - - [30/Jun/2020:13:41:59 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 74
84.213.107.109 - - [30/Jun/2020:13:42:02 +0200] "POST /index.php/apps/text/session/sync HTTP/1.1" 200 313
84.213.107.109 - - [30/Jun/2020:13:42:02 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 74
84.213.107.109 - - [30/Jun/2020:13:42:08 +0200] "POST /index.php/apps/text/session/sync HTTP/1.1" 200 313
84.213.107.109 - - [30/Jun/2020:13:42:13 +0200] "POST /index.php/apps/text/session/sync HTTP/1.1" 200 313


root@stormautomasjon:/var/log/apache2# cat nextcloud_error.log 
root@stormautomasjon:/var/log/apache2# 


/var/log/apache2# cat error.log 
[Tue Jun 30 13:38:48.754832 2020] [so:warn] [pid 23127] AH01574: module dav_module is already loaded, skipping
[Tue Jun 30 13:38:48.789171 2020] [mpm_prefork:notice] [pid 23128] AH00163: Apache/2.4.38 (Debian) SVN/1.10.4 OpenSSL/1.1.1d configured -- resuming normal operations
[Tue Jun 30 13:38:48.789191 2020] [core:notice] [pid 23128] AH00094: Command line: '/usr/sbin/apache2'
[Tue Jun 30 13:38:48.793988 2020] [:error] [pid 23129] avahi_entry_group_add_service_strlst("svn.stormautomasjon.no") failed: Local name collision
[Tue Jun 30 13:38:48.795971 2020] [:error] [pid 23129] avahi_entry_group_add_service_strlst("stormautomasjon.no") failed: Local name collision


/var/log/apache2# cat graf_access.log 
84.213.107.109 - - [30/Jun/2020:13:39:40 +0200] "GET / HTTP/1.1" 302 680 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Safari/537.36"
84.213.107.109 - - [30/Jun/2020:13:39:40 +0200] "GET / HTTP/1.1" 500 4690 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Safari/537.36"
84.213.107.109 - - [30/Jun/2020:13:39:40 +0200] "GET /favicon.ico HTTP/1.1" 500 1191 "https://graf.stormautomasjon.no/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Safari/537.36"

/var/log/apache2# cat graf_error.log 
[Tue Jun 30 13:39:40.617406 2020] [proxy:warn] [pid 23157] [client 84.213.107.109:42778] AH01144: No protocol handler was valid for the URL / (scheme 'http'). If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Tue Jun 30 13:39:40.765588 2020] [proxy:warn] [pid 23154] [client 84.213.107.109:42780] AH01144: No protocol handler was valid for the URL /favicon.ico (scheme 'http'). If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule., referer: https://graf.stormautomasjon.no/

/var/log/apache2# cat stormautomasjon.access.log 
::1 - - [30/Jun/2020:13:39:09 +0200] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.38 (Debian) SVN/1.10.4 OpenSSL/1.1.1d (internal dummy connection)"
::1 - - [30/Jun/2020:13:39:10 +0200] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.38 (Debian) SVN/1.10.4 OpenSSL/1.1.1d (internal dummy connection)"
::1 - - [30/Jun/2020:13:39:11 +0200] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.38 (Debian) SVN/1.10.4 OpenSSL/1.1.1d (internal dummy connection)"
::1 - - [30/Jun/2020:13:39:25 +0200] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.38 (Debian) SVN/1.10.4 OpenSSL/1.1.1d (internal dummy connection)"
::1 - - [30/Jun/2020:13:41:43 +0200] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.38 (Debian) SVN/1.10.4 OpenSSL/1.1.1d (internal dummy connection)"
::1 - - [30/Jun/2020:13:44:38 +0200] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.38 (Debian) SVN/1.10.4 OpenSSL/1.1.1d (internal dummy connection)"

:/var/log/apache2# cat stormautomasjon_error.log 
[Tue Jun 30 13:38:48.751166 2020] [ssl:warn] [pid 23127] AH01909: stormautomasjon.no:443:0 server certificate does NOT include an ID which matches the server name
[Tue Jun 30 13:38:48.785936 2020] [ssl:warn] [pid 23128] AH01909: stormautomasjon.no:443:0 server certificate does NOT include an ID which matches the server name


root@stormautomasjon:/var/log/apache2# cat svn_stormautomasjon_access.log 
root@stormautomasjon:/var/log/apache2# cat svn_stormautomasjon_ssl_error.log 
root@stormautomasjon:/var/log/apache2# cat svn_stormautomasjon_ssl_error.log 
root@stormautomasjon:/var/log/apache2# cat svn_stormautomasjon_error.log 
root@stormautomasjon:/var/log/apache2# cat svn_stormautomasjon_access.log 
root@stormautomasjon:/var/log/apache2# cat svn_stormautomasjonssl_access.log 
root@stormautomasjon:/var/log/apache2#

Hello

I have made a domain with some sub domains.
But when I try to go to https://www.stormautomasjon.no or https://svn.stormautomasjon.no
the certificates from cloud.stormautomasjon.no is used.

stormautomasjon.no
www.stormautomasjon.no
cloud.stormautomasjon.no
svn.stormautomasjon.no
graf.stormautomasjon.no

/etc/apache2/sites-enabled$ ls
000-stormautomasjon.conf
000-stormautomasjon-ssl.conf
001-nextcloud.conf
001-nextcloud-ssl.conf
002-svn-stormautomasjon.conf
002-svn-stormautomasjon-ssl.conf
003-graf-stormautomasjon.conf

My config files

cat 000-stormautomasjon-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:433>
  Servername stormautomasjon.no
  ServerAlias www.stormautomasjon.no
  ServerAdmin ekb@stormautomasjon.no
  DocumentRoot /var/www/stormautomasjon
  ErrorLog /var/log/apache2/stormautomasjon_error.log
  CustomLog /var/log/apache2/stormautomasjon.access.log combined
  <Directory "/var/www/stormautomasjon">
  allow from all
  Options None
  Require all granted
  </Directory>
  SSLEngine on
   Include /etc/letsencrypt/options-ssl-apache.conf
  # Lets encrypt keys
  SSLCertificateFile /etc/letsencrypt/live/www.stormautomasjon.no/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/www.stormautomasjon.no/privkey.pem
</VirtualHost>

cat 001-nextcloud-ssl.conf
<IfModule mod_ssl.c>
  <VirtualHost *:443>
  Protocols h2 h2c http/1.1
  ServerAdmin ekb@stormelektro.no
  ServerName cloud.stormautomasjon.no
  DocumentRoot "/var/www/nextcloud"
     Alias /nextcloud "/var/html/nextcloud/"
  <IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
  Header set Referrer-Policy "strict-origin-when-cross-origin"
  Header set X-Content-Type-Options "nosniff"
  # Header always set X-Frame-Options "SAMEORIGIN"
  </IfModule>
  SSLEngine on
  Include /etc/letsencrypt/options-ssl-apache.conf
  <Directory "/var/www/nextcloud/">
  # Options Indexes MultiViews FollowSymlinks
  Options +FollowSymlinks
  AllowOverride All
  Order allow,deny
  Allow from all
  <IfModule mod_dav.c>
  Dav off
  </IfModule>
  </Directory>
  TransferLog /var/log/apache2/nextcloud_access.log
  ErrorLog /var/log/apache2/nextcloud_error.log
   # Lets encrypt keys
   SSLCertificateFile /etc/letsencrypt/live/cloud.stormautomasjon.no/fullchain.pem
   SSLCertificateKeyFile /etc/letsencrypt/live/cloud.stormautomasjon.no/privkey.pem
   BrowserMatch "MSIE [2-6]" \
     nokeepalive ssl-unclean-shutdown \
     downgrade-1.0 force-response-1.0
  </VirtualHost>
</IfModule>

cat 002-svn-stormautomasjon-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:433>
  ServerName svn.stormautomasjon.no
  ServerAdmin ekb@stormelektro.no
  DocumentRoot /var/www/svn/
  ErrorLog ${APACHE_LOG_DIR}/svn_stormautomasjon_ssl_error.log
  CustomLog ${APACHE_LOG_DIR}/svn_stormautomasjonssl_access.log combined
   SSLEngine on
   Include /etc/letsencrypt/options-ssl-apache.conf
  # Lets encrypt keys
  SSLCertificateFile /etc/letsencrypt/live/svn.stormautomasjon.no/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/svn.stormautomasjon.no/privkey.pem
</VirtualHost>
</IfModule>

cat 003-graf-stormautomasjon.conf
<VirtualHost *:80>
   ServerName graf.stormautomasjon.no
  ServerAdmin ekb@stormelektro.no
  ErrorLog ${APACHE_LOG_DIR}/graf_error.log
  CustomLog ${APACHE_LOG_DIR}/graf_access.log combined
  Redirect / https://graf.stormautomasjon.no
</VirtualHost>
<IfModule mod_ssl.c>
  <VirtualHost *:443>
  Protocols h2 h2c http/1.1
  ServerAdmin ekb@stormelektro.no
  ServerName graf.stormautomasjon.no
  ServerSignature Off
  <IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15768000; preload"
  Header set Referrer-Policy "strict-origin-when-cross-origin"
  Header set X-Content-Type-Options "nosniff"
  </IfModule>
  SSLEngine on
  Include /etc/letsencrypt/options-ssl-apache.conf
  ErrorLog ${APACHE_LOG_DIR}/graf_error.log
  CustomLog ${APACHE_LOG_DIR}/graf_access.log combined
  ProxyPreserveHost On
  ProxyPass / http://localhost:3000/
  ProxyPassReverse / http://localhost:3000/
SSLCertificateFile /etc/letsencrypt/live/graf.stormautomasjon.no/fullchain.pem
   SSLCertificateKeyFile /etc/letsencrypt/live/graf.stormautomasjon.no/privkey.pem
  </VirtualHost>
</IfModule>

I have made all the certificates on Let’s encrypt

/etc/letsencrypt/live$ ls -R
.:

cloud.stormautomasjon.no  graf.stormautomasjon.no  README  stormautomasjon.no  svn.stormautomasjon.no  www.stormautomasjon.no

./cloud.stormautomasjon.no:
cert.pem  chain.pem  fullchain.pem  privkey.pem  README

./graf.stormautomasjon.no:
cert.pem  chain.pem  fullchain.pem  privkey.pem  README

./stormautomasjon.no:
cert.pem  chain.pem  fullchain.pem  privkey.pem  README

./svn.stormautomasjon.no:
cert.pem  chain.pem  fullchain.pem  privkey.pem  README

./www.stormautomasjon.no:
cert.pem  chain.pem  fullchain.pem  privkey.pem  README

Can anybody see way the webservers only find the certificate from cloud.stormautomasjon.no ?

Thanks for youre help

Espen

gas85 · June 30, 2020, 12:46pm

Looks like misconfiguration somewhere, because all links are driven to the Next cloud at the end.

Please check this line:

Include /etc/letsencrypt/options-ssl-apache.conf

Could be that misconfiguration is hidden there.

espenbo · June 30, 2020, 2:53pm

Thanks for your replay


/var/log/apache2# cat /etc/letsencrypt/options-ssl-apache.conf
# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file.
SSLEngine on
Intermediate configuration, tweak to your needs
SSLProtocol             all -SSLv2 -SSLv3

SSLCipherSuite          ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS

SSLHonorCipherOrder     on

SSLCompression          off
SSLOptions +StrictRequire
Add vhost name to log entries:
LogFormat “%h %l %u %t “%r” %>s %b “%{Referer}i” “%{User-agent}i”” vhost_combined

LogFormat “%v %h %l %u %t “%r” %>s %b” vhost_common
#CustomLog /var/log/apache2/access.log vhost_combined

#LogLevel warn

#ErrorLog /var/log/apache2/error.log
Always ensure Cookies have “Secure” set (JAH 2012/1)

#Header edit Set-Cookie (?i)^(.)(;\ssecure)??((\s*;)?(.*)) “$1; Secure$3$4” root@stormautomasjon:/var/log/apache2#

I can’t find any thing here, do you see somthing?

Espen

espenbo · June 30, 2020, 5:05pm

Hello
Thank you. I found it. I had replaced the *:443 with *:433
So I was using the wrong port nummber.

Espen

gas85 · July 1, 2020, 8:13am

Glad for U you!
Just a note, this LetsEncrypt config is not the best one, personally I always disable it and use my own.