Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!
Problem with SSL Sites Certification
Hello,
I am installing SSL Certification on my Linux Centos Server. And I am trying the first Domains. It is almost working. But I have one strange problem. If I use a URL to the Site root (www) it comes as Secure. But if I use a URL to any internal directory it comes as Unsecure, depending on using www or a slash at the end.
Please try it in your Chrome Browser, but, clear its Cache memory between the tests. I have added SSL to 2 of our Sites:
segurosagro.com.br
multisites.com.br
And I created a simple directory called testredirect which has just an index.html file with an image.
1) segurosagro.com.br/testred
It comes as Unsecure.
2) segurosagro.com.br/testred
It works, and comes as Secure.
3) www.segurosagro.com.br/testredirect
It also works, and comes as Secure.
In the same way:
1) multisites.com.br/testredi
It comes as Unsecure.
2) multisites.com.br/testredi
It works, and comes as Secure.
3) www.multisites.com.br/testredirect
It also works, and comes as Secure.
My actual httpd.conf <virtualhosts> entries for segurosagro.com.br and multisites.com.br are as below. You will see that they are slightly different. This is due to tests I was doing trying to solve the problem:
#-------------------------
# multisites.com.br
#-------------------------
<virtualhost 66.226.75.86:80>
ServerAdmin webmaster@multisitesdomini
ServerName www.multisites.com.br
ServerAlias multisites.com.br
ServerAlias www.multisites.net.br
DocumentRoot /var/www/html/multisites/w
ScriptAlias /cgi-bin/ /var/www/html/multisites/w
<Directory "/var/www/html/multisites/
Options ExecCGI Includes
AllowOverride None
</Directory>
ErrorLog logs/multisites-error-log
TransferLog logs/multisites-access-log
#
#Redirection to https
#
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI
</virtualhost>
#-------------------------
# segurosagro.com.br
#-------------------------
<virtualhost 66.226.75.86:80>
ServerAdmin webmaster@multisitesdomini
ServerName www.segurosagro.com.br
ServerAlias segurosagro.com.br
DocumentRoot /home/segurosagro/www
ScriptAlias /cgi-bin/ /home/segurosagro/www/cgi-
<Directory "/home/segurosagro/www/cgi
Options ExecCGI Includes
AllowOverride None
</Directory>
TransferLog logs/segurosagro-access-lo
#
#Redirection to https
#
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI
</virtualhost>
Thanks for any help.
I am installing SSL Certification on my Linux Centos Server. And I am trying the first Domains. It is almost working. But I have one strange problem. If I use a URL to the Site root (www) it comes as Secure. But if I use a URL to any internal directory it comes as Unsecure, depending on using www or a slash at the end.
Please try it in your Chrome Browser, but, clear its Cache memory between the tests. I have added SSL to 2 of our Sites:
segurosagro.com.br
multisites.com.br
And I created a simple directory called testredirect which has just an index.html file with an image.
1) segurosagro.com.br/testred
It comes as Unsecure.
2) segurosagro.com.br/testred
It works, and comes as Secure.
3) www.segurosagro.com.br/testredirect
It also works, and comes as Secure.
In the same way:
1) multisites.com.br/testredi
It comes as Unsecure.
2) multisites.com.br/testredi
It works, and comes as Secure.
3) www.multisites.com.br/testredirect
It also works, and comes as Secure.
My actual httpd.conf <virtualhosts> entries for segurosagro.com.br and multisites.com.br are as below. You will see that they are slightly different. This is due to tests I was doing trying to solve the problem:
#-------------------------
# multisites.com.br
#-------------------------
<virtualhost 66.226.75.86:80>
ServerAdmin webmaster@multisitesdomini
ServerName www.multisites.com.br
ServerAlias multisites.com.br
ServerAlias www.multisites.net.br
DocumentRoot /var/www/html/multisites/w
ScriptAlias /cgi-bin/ /var/www/html/multisites/w
<Directory "/var/www/html/multisites/
Options ExecCGI Includes
AllowOverride None
</Directory>
ErrorLog logs/multisites-error-log
TransferLog logs/multisites-access-log
#
#Redirection to https
#
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI
</virtualhost>
#-------------------------
# segurosagro.com.br
#-------------------------
<virtualhost 66.226.75.86:80>
ServerAdmin webmaster@multisitesdomini
ServerName www.segurosagro.com.br
ServerAlias segurosagro.com.br
DocumentRoot /home/segurosagro/www
ScriptAlias /cgi-bin/ /home/segurosagro/www/cgi-
<Directory "/home/segurosagro/www/cgi
Options ExecCGI Includes
AllowOverride None
</Directory>
TransferLog logs/segurosagro-access-lo
#
#Redirection to https
#
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI
</virtualhost>
Thanks for any help.
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
First problem for you to resolve.
Fix your SSL cert.
Your current cert....
1) Correctly provides www.segurosagro.com.br coverage.
2) Incorrectly provides segurosagro.com.br coverage.
Your cert should cover both segurosagro.com.br + www.segurosagro.com.br or all manner of strange problems will arise.
Use free https://LetsEncrypt.org to simplify your life.
Fix your SSL cert.
Your current cert....
1) Correctly provides www.segurosagro.com.br coverage.
2) Incorrectly provides segurosagro.com.br coverage.
Your cert should cover both segurosagro.com.br + www.segurosagro.com.br or all manner of strange problems will arise.
Use free https://LetsEncrypt.org to simplify your life.
You really should follow David's suggestion above, this will be the easiest and safest path to what you want to achieve
- Make and move a backup copy of your files *.conf currently inside /etc/apache2/sites-availab
- restore your *.conf to the no https and no rewrite status, do the same to *ssl*.conf
- update /sites-enabled/ so that they have only your standard non https sites
------- now you are in a state similar to your initial state
check that with
apachectl configtest
which sould say OK without an other text
Go to David's link and select the right version
Now install and run the srcipts provided (I would suggest to place them into /root/letsencrypt/)
The prgramm will
- look at all your active sites
- ask you to get certificate for all or a selected subset of these sites
- ask you if you want to place an automatic redirect
And voilà, it's done
.. almost...: you need to activate and autmatic renewal of the certificate, since it ids frre but valid 3 months only.
my cron job for this is
21 13 * * 3 /root/letsencrypt/certbot-
(day 3 in the week, each week,,at 13:12).
(since it uses very few resources, doing that weekly is not a real waste)
- Make and move a backup copy of your files *.conf currently inside /etc/apache2/sites-availab
- restore your *.conf to the no https and no rewrite status, do the same to *ssl*.conf
- update /sites-enabled/ so that they have only your standard non https sites
------- now you are in a state similar to your initial state
check that with
apachectl configtest
which sould say OK without an other text
Go to David's link and select the right version
Now install and run the srcipts provided (I would suggest to place them into /root/letsencrypt/)
The prgramm will
- look at all your active sites
- ask you to get certificate for all or a selected subset of these sites
- ask you if you want to place an automatic redirect
And voilà, it's done
.. almost...: you need to activate and autmatic renewal of the certificate, since it ids frre but valid 3 months only.
my cron job for this is
21 13 * * 3 /root/letsencrypt/certbot-
(day 3 in the week, each week,,at 13:12).
(since it uses very few resources, doing that weekly is not a real waste)
To clarify a bit more David Favor's answer: add aliases to the DNS name. Technically, add an subjectAltName field.
Here's an example of how I generate/manage certs...
So first you generate a cert.
Then you have to manage cert auto renewal + when renewals occur, restart all services which require pulling in the new cert.
So first you generate a cert.
Then you have to manage cert auto renewal + when renewals occur, restart all services which require pulling in the new cert.
# First time generation.
# I use /var/www/html or DNS verification, because certbot-auto randomly seems to break using other directories
certbot-auto certonly --no-self-upgrade --non-interactive --rsa-key-size 4096 --email david\@davidfavor.com --agree-tos --webroot -w /var/www/html -d segurosagro.com.br -d www.segurosagro.com.br
# CRON job for - Auto renew + Auto reingest cert when auto renew occurs...
0 */1 * * * (echo '#####' && date && certbot-auto renew --non-interactive --post-hook "service apache2 reload; service dovecot reload") >> /var/log/ssl-renewals.log 2>&1
The last version of certbot handles restarting Apache when needed
The problem you mention with certbot-auto might come from a slight versions difference between the "standard" version (ie the one you get with ap-get install). Downloading the script and using it does not have those problem and the srcipt updates itself (if needed) before renewing yhe certs
The problem you mention with certbot-auto might come from a slight versions difference between the "standard" version (ie the one you get with ap-get install). Downloading the script and using it does not have those problem and the srcipt updates itself (if needed) before renewing yhe certs
The link I would recommend is
https://certbot.eff.org/docs/install.html
and more precisely installing and using certbot-auto a s detailed at
https://certbot.eff.org/docs/install.html#certbot-auto
This is really a no-brainer!
https://certbot.eff.org/docs/install.html
and more precisely installing and using certbot-auto a s detailed at
https://certbot.eff.org/docs/install.html#certbot-auto
This is really a no-brainer!
Premium Content
You need an Expert Office subscription to comment.Start Free Trial