Hello:

Using apache 2.4.46 on a FreeBSD 12.2 server. I am unsure if it is a bug or if I was somehow able to accomplish something that is not possible. A previous set up running on CentOS 8 had 5 Name-Based Websites each with their own SSL cert. This has been
working without any problems for like 3 years. At any rate, recently set up a new box to migrate away from CentOS and being an old FBSD user; I figured I would go back. But that is another story.

Anyway, with the new installation after some changes here and there; I have 2 of the websites working perfectly fine. However, the last website is not able to accessed in anyway. It actually shares a Let's Encrypt Cert with one of the other sites.

Here are the virtual hosts entries:

<VirtualHost *:80>
ServerName www.domain1.com
Redirect permanent / https://www.domain1.com/
</VirtualHost>
<VirtualHost *:443>
ServerName www.domain1.com
ServerAdmin [email protected]
ServerAlias domain1.com
DocumentRoot /var/www/xxxx.xxx/
<Directory "/var/www/xxxx.xxx">
Options Indexes FollowSymLinks
require all granted
AllowOverride All
</Directory>
SetOutputFilter DEFLATE
AddOutputFilterByType DEFLATE text/html text/css text/plain text/xml application/x-javascript application/x-httpd-php
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip

SSLEngine on
SSLCertificateFile /path/to/fullchain.pem
SSLCertificateKeyFile /path/to/privkey.pem

<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>

BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>

<VirtualHost *:80>
ServerName support.domain2.com
ServerAlias support.domain2.us
Redirect permanent / https://support.domain2.com/
</VirtualHost>
<VirtualHost *:443>
ServerName support.domain2.com
ServerAlias support.domain2.us
ServerAdmin [email protected]
DocumentRoot "/var/www/xxxx.xxxx.xxx/"
<Directory "/var/www/xxxx.xxxx.xxx">
Options Indexes FollowSymLinks
require all granted
AllowOverride All
</Directory>
Include /usr/local/etc/apache24/sites/deflate.conf
Include /usr/local/etc/apache24/sites/domain2-ssl.conf </VirtualHost>

<VirtualHost *:80>
ServerName www.doman2.com
ServerAlias domain2.com www.domain2.us domain2.us
Redirect permanent / https://www.domain2.com/
</VirtualHost>
<VirtualHost *:443>
ServerName domain2.com
ServerAlias www.domain2.com
ServerAdmin [email protected]
DocumentRoot "/var/www/www.domain2.com/"
<Directory "/var/www/www.domain2.com">
Options Indexes FollowSymLinks
require all granted
AllowOverride All
</Directory>
Include /usr/local/etc/apache24/sites/deflate.conf
Include /usr/local/etc/apache24/sites/domain2-ssl.conf </VirtualHost>


Is there any reason that domain1.com and domain2.com (vhost1 and vhost2) works but support.domain1.com (vhost 3)doesn't work. I am absolutely at a loss?

--
This e-mail and any attachments may contain information that is
confidential and/or privileged and prohibited from disclosure or
unauthorized use under applicable law. If you are not the intended
recipient, you are hereby notified that any disclosure, copying or distribution or taking of action in reliance upon the contents of this transmission is strictly prohibited. If you have received
this e-mail in
error, you are instructed to notify the sender by reply e-mail and delete
it to the fullest extent possible once you
have notified the sender of the
error.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In article <[email protected]>,
Tamer Ziady <[email protected]> wrote:

Hello:

Using apache 2.4.46 on a FreeBSD 12.2 server. I am unsure if it is a
bug or if I was somehow able to accomplish something that is not
possible. A previous set up running on CentOS 8 had 5 Name-Based
Websites each with their own SSL cert. This has been working without any >problems for like 3 years. At any rate, recently set up a new box to
migrate away from CentOS and being an old FBSD user; I figured I would
go back. But that is another story.

Anyway, with the new installation after some changes here and there;
I have 2 of the websites working perfectly fine. However, the last
website is not able to accessed in anyway. It actually shares a Let's
Encrypt Cert with one of the other sites.

Here are the virtual hosts entries:

<VirtualHost *:80>
ServerName www.domain1.com
Redirect permanent / https://www.domain1.com/
</VirtualHost>
<VirtualHost *:443>
ServerName www.domain1.com
ServerAdmin [email protected]
ServerAlias domain1.com
DocumentRoot /var/www/xxxx.xxx/
<Directory "/var/www/xxxx.xxx">
Options Indexes FollowSymLinks
require all granted
AllowOverride All
</Directory>
SetOutputFilter DEFLATE
AddOutputFilterByType DEFLATE text/html text/css text/plain
text/xml application/x-javascript application/x-httpd-php
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip

SSLEngine on
SSLCertificateFile /path/to/fullchain.pem
SSLCertificateKeyFile /path/to/privkey.pem

<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>

BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>

<VirtualHost *:80>
ServerName support.domain2.com
ServerAlias support.domain2.us
Redirect permanent / https://support.domain2.com/
</VirtualHost>
<VirtualHost *:443>
ServerName support.domain2.com
ServerAlias support.domain2.us
ServerAdmin [email protected]
DocumentRoot "/var/www/xxxx.xxxx.xxx/"
<Directory "/var/www/xxxx.xxxx.xxx">
Options Indexes FollowSymLinks
require all granted
AllowOverride All
</Directory>
Include /usr/local/etc/apache24/sites/deflate.conf
Include /usr/local/etc/apache24/sites/domain2-ssl.conf
</VirtualHost>

<VirtualHost *:80>
ServerName www.doman2.com
ServerAlias domain2.com www.domain2.us domain2.us
Redirect permanent / https://www.domain2.com/
</VirtualHost>
<VirtualHost *:443>
ServerName domain2.com
ServerAlias www.domain2.com
ServerAdmin [email protected]
DocumentRoot "/var/www/www.domain2.com/"
<Directory "/var/www/www.domain2.com">
Options Indexes FollowSymLinks
require all granted
AllowOverride All
</Directory>
Include /usr/local/etc/apache24/sites/deflate.conf
Include /usr/local/etc/apache24/sites/domain2-ssl.conf
</VirtualHost>

Is there any reason that domain1.com and domain2.com (vhost1 and vhost2) >works but support.domain1.com (vhost 3)doesn't work. I am absolutely at
a loss?

I should probably write a blog entry on this.

I used to use Apache but moved over to nginx.

However, the way I did it was to use

the httpd-ssl.conf for port 443 and https-vhosts.conf for port 80.

How did you set up the let's encrypt?

--
This e-mail and any attachments may contain information that is
confidential and/or privileged and prohibited from disclosure or
unauthorized use under applicable law. If you are not the intended
recipient, you are hereby notified that any disclosure, copying or >distribution or taking of action in reliance upon the contents of this >transmission is strictly prohibited. If you have received
this e-mail in
error, you are instructed to notify the sender by reply e-mail and delete
it to the fullest extent possible once you
have notified the sender of the
error.

--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b 30 years on the Internet http://bit.ly/3uxzSzT

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 3/2/21 3:52 AM, Tamer Ziady wrote:

Hello:

Using apache 2.4.46 on a FreeBSD 12.2 server. I am unsure if it is a bug or if I was somehow able to accomplish something that is not possible. A previous set up running on CentOS 8 had 5 Name-Based Websites each with their own SSL cert. This has

been working without any problems for like 3 years. At any rate, recently set up a new box to migrate away from CentOS and being an old FBSD user; I figured I would go back. But that is another story.

Anyway, with the new installation after some changes here and there; I have 2 of the websites working perfectly fine. However, the last website is not able to accessed in anyway. It actually shares a Let's Encrypt Cert with one of the other sites.

Here are the virtual hosts entries:

<VirtualHost *:80>
ServerName www.domain1.com
Redirect permanent / https://www.domain1.com/
</VirtualHost>
<VirtualHost *:443>
ServerName www.domain1.com
ServerAdmin [email protected]
ServerAlias domain1.com
DocumentRoot /var/www/xxxx.xxx/
<Directory "/var/www/xxxx.xxx">
Options Indexes FollowSymLinks
require all granted
AllowOverride All
</Directory>
SetOutputFilter DEFLATE
AddOutputFilterByType DEFLATE text/html text/css text/plain text/xml application/x-javascript application/x-httpd-php
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip

SSLEngine on
SSLCertificateFile /path/to/fullchain.pem
SSLCertificateKeyFile /path/to/privkey.pem

<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>

BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>

<VirtualHost *:80>
ServerName support.domain2.com
ServerAlias support.domain2.us
Redirect permanent / https://support.domain2.com/
</VirtualHost>
<VirtualHost *:443>
ServerName support.domain2.com
ServerAlias support.domain2.us
ServerAdmin [email protected]
DocumentRoot "/var/www/xxxx.xxxx.xxx/"
<Directory "/var/www/xxxx.xxxx.xxx">
Options Indexes FollowSymLinks
require all granted
AllowOverride All
</Directory>
Include /usr/local/etc/apache24/sites/deflate.conf
Include /usr/local/etc/apache24/sites/domain2-ssl.conf </VirtualHost>

<VirtualHost *:80>
ServerName www.doman2.com
ServerAlias domain2.com www.domain2.us domain2.us
Redirect permanent / https://www.domain2.com/
</VirtualHost>
<VirtualHost *:443>
ServerName domain2.com
ServerAlias www.domain2.com
ServerAdmin [email protected]
DocumentRoot "/var/www/www.domain2.com/"
<Directory "/var/www/www.domain2.com">
Options Indexes FollowSymLinks
require all granted
AllowOverride All
</Directory>
Include /usr/local/etc/apache24/sites/deflate.conf
Include /usr/local/etc/apache24/sites/domain2-ssl.conf </VirtualHost>

Is there any reason that domain1.com and domain2.com (vhost1 and vhost2) works but support.domain1.com (vhost 3)doesn't work. I am absolutely at a loss?

I don't see anything in your configuration that would match
support.domain1.com

Jeff

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

There isn't a support.domain1.com. At this point only 3 vhosts:

1. domain1.com (alias www.domain1.com)
2. domain2.com (alias www.domain2.com and some others for .us and stuff)
3. support.domain2.com (a subhost under domain2)


so, 2 & 3 are related. And 1 doesn't have any sub hosts. Pretty much will be *domain1.com once I move further fixing this issue.

Hope that makes sense?

Cheers,
T

--
This e-mail and any attachments may contain information that is
confidential and/or privileged and prohibited from disclosure or
unauthorized use under applicable law. If you are not the intended
recipient, you are hereby notified that any disclosure, copying or
distribution or taking of action in reliance upon the contents of this transmission is strictly prohibited. If you have received
this e-mail in
error, you are instructed to notify the sender by reply e-mail and delete
it to the fullest extent possible once you
have notified the sender of the
error.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tuesday, March 2, 2021 at 10:01:29 AM UTC-5, The Doctor wrote:

In article <[email protected]>,
Tamer Ziady <[email protected]> wrote:

Hello:

Using apache 2.4.46 on a FreeBSD 12.2 server. I am unsure if it is a
bug or if I was somehow able to accomplish something that is not
possible. A previous set up running on CentOS 8 had 5 Name-Based
Websites each with their own SSL cert. This has been working without any >problems for like 3 years. At any rate, recently set up a new box to >migrate away from CentOS and being an old FBSD user; I figured I would
go back. But that is another story.

Anyway, with the new installation after some changes here and there;
I have 2 of the websites working perfectly fine. However, the last
website is not able to accessed in anyway. It actually shares a Let's >Encrypt Cert with one of the other sites.

Here are the virtual hosts entries:

<VirtualHost *:80>
ServerName www.domain1.com
Redirect permanent / https://www.domain1.com/
</VirtualHost>
<VirtualHost *:443>
ServerName www.domain1.com
ServerAdmin [email protected]
ServerAlias domain1.com
DocumentRoot /var/www/xxxx.xxx/
<Directory "/var/www/xxxx.xxx">
Options Indexes FollowSymLinks
require all granted
AllowOverride All
</Directory>
SetOutputFilter DEFLATE
AddOutputFilterByType DEFLATE text/html text/css text/plain
text/xml application/x-javascript application/x-httpd-php
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip

SSLEngine on
SSLCertificateFile /path/to/fullchain.pem
SSLCertificateKeyFile /path/to/privkey.pem

<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>

BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>

<VirtualHost *:80>
ServerName support.domain2.com
ServerAlias support.domain2.us
Redirect permanent / https://support.domain2.com/
</VirtualHost>
<VirtualHost *:443>
ServerName support.domain2.com
ServerAlias support.domain2.us
ServerAdmin [email protected]
DocumentRoot "/var/www/xxxx.xxxx.xxx/"
<Directory "/var/www/xxxx.xxxx.xxx">
Options Indexes FollowSymLinks
require all granted
AllowOverride All
</Directory>
Include /usr/local/etc/apache24/sites/deflate.conf
Include /usr/local/etc/apache24/sites/domain2-ssl.conf
</VirtualHost>

<VirtualHost *:80>
ServerName www.doman2.com
ServerAlias domain2.com www.domain2.us domain2.us
Redirect permanent / https://www.domain2.com/
</VirtualHost>
<VirtualHost *:443>
ServerName domain2.com
ServerAlias www.domain2.com
ServerAdmin [email protected]
DocumentRoot "/var/www/www.domain2.com/"
<Directory "/var/www/www.domain2.com">
Options Indexes FollowSymLinks
require all granted
AllowOverride All
</Directory>
Include /usr/local/etc/apache24/sites/deflate.conf
Include /usr/local/etc/apache24/sites/domain2-ssl.conf
</VirtualHost>

Is there any reason that domain1.com and domain2.com (vhost1 and vhost2) >works but support.domain1.com (vhost 3)doesn't work. I am absolutely at
a loss?

I should probably write a blog entry on this.

I used to use Apache but moved over to nginx.

However, the way I did it was to use

the httpd-ssl.conf for port 443 and https-vhosts.conf for port 80.

How did you set up the let's encrypt?

Set up let's encrypt using the ACME CLI client & remote DNS authorization w/ Godaddy via their API. Works very well. Using Crontab to manage renewals. Usually very effortless except for the throw up here and there. I am pretty much using all 443 at this
point and may even block 80 all together but likely not a good idea.

--
This e-mail and any attachments may contain information that is
confidential and/or privileged and prohibited from disclosure or
unauthorized use under applicable law. If you are not the intended
recipient, you are hereby notified that any disclosure, copying or distribution or taking of action in reliance upon the contents of this transmission is strictly prohibited. If you have received
this e-mail in
error, you are instructed to notify the sender by reply e-mail and delete
it to the fullest extent possible once you
have notified the sender of the
error.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On an absolute side note and not to soil this mailing list with another software; what made you move to NGINX?

Cheers,
T

--
This e-mail and any attachments may contain information that is
confidential and/or privileged and prohibited from disclosure or
unauthorized use under applicable law. If you are not the intended
recipient, you are hereby notified that any disclosure, copying or
distribution or taking of action in reliance upon the contents of this transmission is strictly prohibited. If you have received
this e-mail in
error, you are instructed to notify the sender by reply e-mail and delete
it to the fullest extent possible once you
have notified the sender of the
error.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In article <[email protected]>,
Tamer Ziady <[email protected]> wrote:

On Tuesday, March 2, 2021 at 10:01:29 AM UTC-5, The Doctor wrote:

In article <[email protected]>,
Tamer Ziady <[email protected]> wrote:

Hello:

Using apache 2.4.46 on a FreeBSD 12.2 server. I am unsure if it is a
bug or if I was somehow able to accomplish something that is not
possible. A previous set up running on CentOS 8 had 5 Name-Based
Websites each with their own SSL cert. This has been working without any
problems for like 3 years. At any rate, recently set up a new box to
migrate away from CentOS and being an old FBSD user; I figured I would
go back. But that is another story.

Anyway, with the new installation after some changes here and there;
I have 2 of the websites working perfectly fine. However, the last
website is not able to accessed in anyway. It actually shares a Let's
Encrypt Cert with one of the other sites.

Here are the virtual hosts entries:

<VirtualHost *:80>
ServerName www.domain1.com
Redirect permanent / https://www.domain1.com/
</VirtualHost>
<VirtualHost *:443>
ServerName www.domain1.com
ServerAdmin [email protected]
ServerAlias domain1.com
DocumentRoot /var/www/xxxx.xxx/
<Directory "/var/www/xxxx.xxx">
Options Indexes FollowSymLinks
require all granted
AllowOverride All
</Directory>
SetOutputFilter DEFLATE
AddOutputFilterByType DEFLATE text/html text/css text/plain
text/xml application/x-javascript application/x-httpd-php
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip

SSLEngine on
SSLCertificateFile /path/to/fullchain.pem
SSLCertificateKeyFile /path/to/privkey.pem

<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>

BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>

<VirtualHost *:80>
ServerName support.domain2.com
ServerAlias support.domain2.us
Redirect permanent / https://support.domain2.com/
</VirtualHost>
<VirtualHost *:443>
ServerName support.domain2.com
ServerAlias support.domain2.us
ServerAdmin [email protected]
DocumentRoot "/var/www/xxxx.xxxx.xxx/"
<Directory "/var/www/xxxx.xxxx.xxx">
Options Indexes FollowSymLinks
require all granted
AllowOverride All
</Directory>
Include /usr/local/etc/apache24/sites/deflate.conf
Include /usr/local/etc/apache24/sites/domain2-ssl.conf
</VirtualHost>

<VirtualHost *:80>
ServerName www.doman2.com
ServerAlias domain2.com www.domain2.us domain2.us
Redirect permanent / https://www.domain2.com/
</VirtualHost>
<VirtualHost *:443>
ServerName domain2.com
ServerAlias www.domain2.com
ServerAdmin [email protected]
DocumentRoot "/var/www/www.domain2.com/"
<Directory "/var/www/www.domain2.com">
Options Indexes FollowSymLinks
require all granted
AllowOverride All
</Directory>
Include /usr/local/etc/apache24/sites/deflate.conf
Include /usr/local/etc/apache24/sites/domain2-ssl.conf
</VirtualHost>


Is there any reason that domain1.com and domain2.com (vhost1 and vhost2)
works but support.domain1.com (vhost 3)doesn't work. I am absolutely at
a loss?

I should probably write a blog entry on this.

I used to use Apache but moved over to nginx.

However, the way I did it was to use

the httpd-ssl.conf for port 443 and https-vhosts.conf for port 80.

How did you set up the let's encrypt?

Set up let's encrypt using the ACME CLI client & remote DNS
authorization w/ Godaddy via their API. Works very well. Using Crontab
to manage renewals. Usually very effortless except for the throw up here
and there. I am pretty much using all 443 at this point and may even
block 80 all together but likely not a good idea.

Just redirect your prot 80 traffic to port 443.

--
This e-mail and any attachments may contain information that is
confidential and/or privileged and prohibited from disclosure or
unauthorized use under applicable law. If you are not the intended
recipient, you are hereby notified that any disclosure, copying or >distribution or taking of action in reliance upon the contents of this >transmission is strictly prohibited. If you have received
this e-mail in
error, you are instructed to notify the sender by reply e-mail and delete
it to the fullest extent possible once you
have notified the sender of the
error.

--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b 30 years on the Internet http://bit.ly/3uxzSzT

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In article <[email protected]>,
Tamer Ziady <[email protected]> wrote:

On an absolute side note and not to soil this mailing list with another >software; what made you move to NGINX?

Cheers,
T

Performance and less admin overhead!

--
This e-mail and any attachments may contain information that is
confidential and/or privileged and prohibited from disclosure or
unauthorized use under applicable law. If you are not the intended
recipient, you are hereby notified that any disclosure, copying or >distribution or taking of action in reliance upon the contents of this >transmission is strictly prohibited. If you have received
this e-mail in
error, you are instructed to notify the sender by reply e-mail and delete
it to the fullest extent possible once you
have notified the sender of the
error.

--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b 30 years on the Internet http://bit.ly/3uxzSzT

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tuesday, March 2, 2021 at 6:19:41 PM UTC-5, The Doctor wrote:

In article <[email protected]>,
Tamer Ziady <[email protected]> wrote:

On Tuesday, March 2, 2021 at 10:01:29 AM UTC-5, The Doctor wrote:

In article <[email protected]>,
Tamer Ziady <[email protected]> wrote:

Hello:

Using apache 2.4.46 on a FreeBSD 12.2 server. I am unsure if it is a
bug or if I was somehow able to accomplish something that is not
possible. A previous set up running on CentOS 8 had 5 Name-Based
Websites each with their own SSL cert. This has been working without any >> >problems for like 3 years. At any rate, recently set up a new box to
migrate away from CentOS and being an old FBSD user; I figured I would
go back. But that is another story.

Anyway, with the new installation after some changes here and there;
I have 2 of the websites working perfectly fine. However, the last
website is not able to accessed in anyway. It actually shares a Let's
Encrypt Cert with one of the other sites.

Here are the virtual hosts entries:

<VirtualHost *:80>
ServerName www.domain1.com
Redirect permanent / https://www.domain1.com/
</VirtualHost>
<VirtualHost *:443>
ServerName www.domain1.com
ServerAdmin [email protected]
ServerAlias domain1.com
DocumentRoot /var/www/xxxx.xxx/
<Directory "/var/www/xxxx.xxx">
Options Indexes FollowSymLinks
require all granted
AllowOverride All
</Directory>
SetOutputFilter DEFLATE
AddOutputFilterByType DEFLATE text/html text/css text/plain
text/xml application/x-javascript application/x-httpd-php
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip

SSLEngine on
SSLCertificateFile /path/to/fullchain.pem
SSLCertificateKeyFile /path/to/privkey.pem

<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>

BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>

<VirtualHost *:80>
ServerName support.domain2.com
ServerAlias support.domain2.us
Redirect permanent / https://support.domain2.com/
</VirtualHost>
<VirtualHost *:443>
ServerName support.domain2.com
ServerAlias support.domain2.us
ServerAdmin [email protected]
DocumentRoot "/var/www/xxxx.xxxx.xxx/"
<Directory "/var/www/xxxx.xxxx.xxx">
Options Indexes FollowSymLinks
require all granted
AllowOverride All
</Directory>
Include /usr/local/etc/apache24/sites/deflate.conf
Include /usr/local/etc/apache24/sites/domain2-ssl.conf
</VirtualHost>

<VirtualHost *:80>
ServerName www.doman2.com
ServerAlias domain2.com www.domain2.us domain2.us
Redirect permanent / https://www.domain2.com/
</VirtualHost>
<VirtualHost *:443>
ServerName domain2.com
ServerAlias www.domain2.com
ServerAdmin [email protected]
DocumentRoot "/var/www/www.domain2.com/"
<Directory "/var/www/www.domain2.com">
Options Indexes FollowSymLinks
require all granted
AllowOverride All
</Directory>
Include /usr/local/etc/apache24/sites/deflate.conf
Include /usr/local/etc/apache24/sites/domain2-ssl.conf
</VirtualHost>


Is there any reason that domain1.com and domain2.com (vhost1 and vhost2) >> >works but support.domain1.com (vhost 3)doesn't work. I am absolutely at >> >a loss?

I should probably write a blog entry on this.

I used to use Apache but moved over to nginx.

However, the way I did it was to use

the httpd-ssl.conf for port 443 and https-vhosts.conf for port 80.

How did you set up the let's encrypt?

Set up let's encrypt using the ACME CLI client & remote DNS
authorization w/ Godaddy via their API. Works very well. Using Crontab
to manage renewals. Usually very effortless except for the throw up here >and there. I am pretty much using all 443 at this point and may even
block 80 all together but likely not a good idea.

Just redirect your prot 80 traffic to port 443.

--
This e-mail and any attachments may contain information that is >confidential and/or privileged and prohibited from disclosure or >unauthorized use under applicable law. If you are not the intended >recipient, you are hereby notified that any disclosure, copying or >distribution or taking of action in reliance upon the contents of this >transmission is strictly prohibited. If you have received
this e-mail in
error, you are instructed to notify the sender by reply e-mail and delete >it to the fullest extent possible once you
have notified the sender of the
error.

--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b 30 years on the Internet http://bit.ly/3uxzSzT

This is what this does:

<VirtualHost *:80>
ServerName support.domain2.com
ServerAlias support.domain2.us
Redirect permanent / https://support.domain2.com/
</VirtualHost>

But maybe I misunderstanding you. Are you suggesting run the 3rd domain on port 80 and redirect it after SSL handshake?

thanks for the responses.

T

--
This e-mail and any attachments may contain information that is
confidential and/or privileged and prohibited from disclosure or
unauthorized use under applicable law. If you are not the intended
recipient, you are hereby notified that any disclosure, copying or
distribution or taking of action in reliance upon the contents of this transmission is strictly prohibited. If you have received
this e-mail in
error, you are instructed to notify the sender by reply e-mail and delete
it to the fullest extent possible once you
have notified the sender of the
error.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

understood. But that would not really work as I want the 3rd domain to also be SSL.

It was working and I am unsure of why when I moved the environment that it stopped working.

:(

T

--
This e-mail and any attachments may contain information that is
confidential and/or privileged and prohibited from disclosure or
unauthorized use under applicable law. If you are not the intended
recipient, you are hereby notified that any disclosure, copying or
distribution or taking of action in reliance upon the contents of this transmission is strictly prohibited. If you have received
this e-mail in
error, you are instructed to notify the sender by reply e-mail and delete
it to the fullest extent possible once you
have notified the sender of the
error.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In article <[email protected]>,
Tamer Ziady <[email protected]> wrote:

On Tuesday, March 2, 2021 at 6:19:41 PM UTC-5, The Doctor wrote:

In article <[email protected]>,
Tamer Ziady <[email protected]> wrote:

On Tuesday, March 2, 2021 at 10:01:29 AM UTC-5, The Doctor wrote:

In article <[email protected]>,
Tamer Ziady <[email protected]> wrote:

Hello:

Using apache 2.4.46 on a FreeBSD 12.2 server. I am unsure if it is a
bug or if I was somehow able to accomplish something that is not
possible. A previous set up running on CentOS 8 had 5 Name-Based
Websites each with their own SSL cert. This has been working without any >> >> >problems for like 3 years. At any rate, recently set up a new box to
migrate away from CentOS and being an old FBSD user; I figured I would >> >> >go back. But that is another story.

Anyway, with the new installation after some changes here and there;
I have 2 of the websites working perfectly fine. However, the last
website is not able to accessed in anyway. It actually shares a Let's
Encrypt Cert with one of the other sites.

Here are the virtual hosts entries:

<VirtualHost *:80>
ServerName www.domain1.com
Redirect permanent / https://www.domain1.com/
</VirtualHost>
<VirtualHost *:443>
ServerName www.domain1.com
ServerAdmin [email protected]
ServerAlias domain1.com
DocumentRoot /var/www/xxxx.xxx/
<Directory "/var/www/xxxx.xxx">
Options Indexes FollowSymLinks
require all granted
AllowOverride All
</Directory>
SetOutputFilter DEFLATE
AddOutputFilterByType DEFLATE text/html text/css text/plain
text/xml application/x-javascript application/x-httpd-php
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip

SSLEngine on
SSLCertificateFile /path/to/fullchain.pem
SSLCertificateKeyFile /path/to/privkey.pem

<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>

BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>

<VirtualHost *:80>
ServerName support.domain2.com
ServerAlias support.domain2.us
Redirect permanent / https://support.domain2.com/
</VirtualHost>
<VirtualHost *:443>
ServerName support.domain2.com
ServerAlias support.domain2.us
ServerAdmin [email protected]
DocumentRoot "/var/www/xxxx.xxxx.xxx/"
<Directory "/var/www/xxxx.xxxx.xxx">
Options Indexes FollowSymLinks
require all granted
AllowOverride All
</Directory>
Include /usr/local/etc/apache24/sites/deflate.conf
Include /usr/local/etc/apache24/sites/domain2-ssl.conf
</VirtualHost>

<VirtualHost *:80>
ServerName www.doman2.com
ServerAlias domain2.com www.domain2.us domain2.us
Redirect permanent / https://www.domain2.com/
</VirtualHost>
<VirtualHost *:443>
ServerName domain2.com
ServerAlias www.domain2.com
ServerAdmin [email protected]
DocumentRoot "/var/www/www.domain2.com/"
<Directory "/var/www/www.domain2.com">
Options Indexes FollowSymLinks
require all granted
AllowOverride All
</Directory>
Include /usr/local/etc/apache24/sites/deflate.conf
Include /usr/local/etc/apache24/sites/domain2-ssl.conf
</VirtualHost>


Is there any reason that domain1.com and domain2.com (vhost1 and vhost2) >> >> >works but support.domain1.com (vhost 3)doesn't work. I am absolutely at >> >> >a loss?

I should probably write a blog entry on this.

I used to use Apache but moved over to nginx.

However, the way I did it was to use

the httpd-ssl.conf for port 443 and https-vhosts.conf for port 80.

How did you set up the let's encrypt?

Set up let's encrypt using the ACME CLI client & remote DNS
authorization w/ Godaddy via their API. Works very well. Using Crontab
to manage renewals. Usually very effortless except for the throw up here
and there. I am pretty much using all 443 at this point and may even
block 80 all together but likely not a good idea.

Just redirect your prot 80 traffic to port 443.

--
This e-mail and any attachments may contain information that is
confidential and/or privileged and prohibited from disclosure or
unauthorized use under applicable law. If you are not the intended
recipient, you are hereby notified that any disclosure, copying or
distribution or taking of action in reliance upon the contents of this
transmission is strictly prohibited. If you have received
this e-mail in
error, you are instructed to notify the sender by reply e-mail and delete >> >it to the fullest extent possible once you
have notified the sender of the
error.

--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici >doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware

AntiChrist rising!

Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b
30 years on the Internet http://bit.ly/3uxzSzT

This is what this does:

<VirtualHost *:80>
ServerName support.domain2.com
ServerAlias support.domain2.us
Redirect permanent / https://support.domain2.com/
</VirtualHost>

But maybe I misunderstanding you. Are you suggesting run the 3rd domain
on port 80 and redirect it after SSL handshake?

thanks for the responses.

T

Yes. Remember port 80 is non-SSL.

--
This e-mail and any attachments may contain information that is
confidential and/or privileged and prohibited from disclosure or
unauthorized use under applicable law. If you are not the intended
recipient, you are hereby notified that any disclosure, copying or >distribution or taking of action in reliance upon the contents of this >transmission is strictly prohibited. If you have received
this e-mail in
error, you are instructed to notify the sender by reply e-mail and delete
it to the fullest extent possible once you
have notified the sender of the
error.

--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b 30 years on the Internet http://bit.ly/3uxzSzT

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 3/2/21 11:50 AM, Tamer Ziady wrote:

There isn't a support.domain1.com. At this point only 3 vhosts:

1. domain1.com (alias www.domain1.com)
2. domain2.com (alias www.domain2.com and some others for .us and stuff)
3. support.domain2.com (a subhost under domain2)

so, 2 & 3 are related. And 1 doesn't have any sub hosts. Pretty much will be *domain1.com once I move further fixing this issue.

Hope that makes sense?

Hi, not really. In your original post you said support.domain1.com does
not work. Of course it does not work, it is not listed anywhere in the httpd.conf configuration you posted. Why do you think it should work?

Jeff

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

My complete apologies. I means support.domain2.com. The config files are correct I just misspoke with my question.

There is only:

1. domain1.com www.domain1.com
2. domain2.com www.domain2.com
3. support.domain2.com

Number 3 is what is not working.

Sorry for misspeaking.

T

--
This e-mail and any attachments may contain information that is
confidential and/or privileged and prohibited from disclosure or
unauthorized use under applicable law. If you are not the intended
recipient, you are hereby notified that any disclosure, copying or
distribution or taking of action in reliance upon the contents of this transmission is strictly prohibited. If you have received
this e-mail in
error, you are instructed to notify the sender by reply e-mail and delete
it to the fullest extent possible once you
have notified the sender of the
error.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 3/3/21 8:55 PM, Tamer Ziady wrote:

My complete apologies. I means support.domain2.com. The config files are correct I just misspoke with my question.

There is only:

1. domain1.com www.domain1.com
2. domain2.com www.domain2.com
3. support.domain2.com

Number 3 is what is not working.

Sorry for misspeaking.

ok, so what happens when you visit http://support.domain2.com/ ?

Jeff

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Thursday, March 4, 2021 at 11:25:44 AM UTC-5, Jeff Long wrote:

On 3/3/21 8:55 PM, Tamer Ziady wrote:

My complete apologies. I means support.domain2.com. The config files are correct I just misspoke with my question.

There is only:

1. domain1.com www.domain1.com
2. domain2.com www.domain2.com
3. support.domain2.com

Number 3 is what is not working.

Sorry for misspeaking.

ok, so what happens when you visit http://support.domain2.com/ ?

Jeff

So, when I try and visit http://support.domain2.com it goes to domain2.com

T

--
This e-mail and any attachments may contain information that is
confidential and/or privileged and prohibited from disclosure or
unauthorized use under applicable law. If you are not the intended
recipient, you are hereby notified that any disclosure, copying or
distribution or taking of action in reliance upon the contents of this transmission is strictly prohibited. If you have received
this e-mail in
error, you are instructed to notify the sender by reply e-mail and delete
it to the fullest extent possible once you
have notified the sender of the
error.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 3/4/21 7:23 PM, Tamer Ziady wrote:

On Thursday, March 4, 2021 at 11:25:44 AM UTC-5, Jeff Long wrote:

On 3/3/21 8:55 PM, Tamer Ziady wrote:

My complete apologies. I means support.domain2.com. The config files are correct I just misspoke with my question.

There is only:

1. domain1.com www.domain1.com
2. domain2.com www.domain2.com
3. support.domain2.com

Number 3 is what is not working.

Sorry for misspeaking.

ok, so what happens when you visit http://support.domain2.com/ ?

Jeff

So, when I try and visit http://support.domain2.com it goes to domain2.com

does running 'apachectl -S' tell you anything interesting/helpful?

Jeff

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

# apachectl -S
VirtualHost configuration:
*:80 is a NameVirtualHost
default server domain1.com (/usr/local/etc/apache24/sites.enabled/002-domain1.com.conf:1)
port 80 namevhost domain1.com (/usr/local/etc/apache24/sites.enabled/002-domain1.com.conf:1)
port 80 namevhost support.domain2.com (/usr/local/etc/apache24/sites.enabled/004-support.domain2.com.conf:1)
alias support.domain2.us
port 80 namevhost www.domain2.com (/usr/local/etc/apache24/sites.enabled/006-domain2.com.conf:1)
alias domain2.com
alias www.domain2.com
alias domain2.us
*:443 is a NameVirtualHost
default server domain1.com (/usr/local/etc/apache24/sites.enabled/002-domain1.com.conf:5)
port 443 namevhost domain1.com (/usr/local/etc/apache24/sites.enabled/domain1.com.conf:5)
alias www.domain1.com
port 443 namevhost support.domain2.com (/usr/local/etc/apache24/sites.enabled/004-support.domain2.com.conf:6)
alias support.domain2.us
port 443 namevhost domain2.com (/usr/local/etc/apache24/sites.enabled/006-domain2.com.conf:6)
alias www.domain2.com
ServerRoot: "/usr/local"
Main DocumentRoot: "/usr/local/www/apache24/data"
Main ErrorLog: "/var/log/httpd-error.log"
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/" mechanism=default
Mutex ssl-stapling-refresh: using_defaults
Mutex rewrite-map: using_defaults
PidFile: "/var/run/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www" id=80
Group: name="www" id=80

I really do not see any issues, except for the Main DocumentRoot is incorrect since I am actually using /var/www/

--
This e-mail and any attachments may contain information that is
confidential and/or privileged and prohibited from disclosure or
unauthorized use under applicable law. If you are not the intended
recipient, you are hereby notified that any disclosure, copying or
distribution or taking of action in reliance upon the contents of this transmission is strictly prohibited. If you have received
this e-mail in
error, you are instructed to notify the sender by reply e-mail and delete
it to the fullest extent possible once you
have notified the sender of the
error.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

I am using FreeBSD...I moved them to /var/www because I am coming from CentOS. I moved them there. The remaining root is /usr/local

Because /var/www is a mount point that I am using.

T

# uname -a
FreeBSD dev 12.2-RELEASE-p3 FreeBSD 12.2-RELEASE-p3 GENERIC amd64

--
This e-mail and any attachments may contain information that is
confidential and/or privileged and prohibited from disclosure or
unauthorized use under applicable law. If you are not the intended
recipient, you are hereby notified that any disclosure, copying or
distribution or taking of action in reliance upon the contents of this transmission is strictly prohibited. If you have received
this e-mail in
error, you are instructed to notify the sender by reply e-mail and delete
it to the fullest extent possible once you
have notified the sender of the
error.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Cool...is it a problem that I am using /var/www ?

T

--
This e-mail and any attachments may contain information that is
confidential and/or privileged and prohibited from disclosure or
unauthorized use under applicable law. If you are not the intended
recipient, you are hereby notified that any disclosure, copying or
distribution or taking of action in reliance upon the contents of this transmission is strictly prohibited. If you have received
this e-mail in
error, you are instructed to notify the sender by reply e-mail and delete
it to the fullest extent possible once you
have notified the sender of the
error.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In article <[email protected]>,
Tamer Ziady <[email protected]> wrote:

I am using FreeBSD...I moved them to /var/www because I am coming from >CentOS. I moved them there. The remaining root is /usr/local

Because /var/www is a mount point that I am using.

T

# uname -a
FreeBSD dev 12.2-RELEASE-p3 FreeBSD 12.2-RELEASE-p3 GENERIC amd64

--
This e-mail and any attachments may contain information that is
confidential and/or privileged and prohibited from disclosure or
unauthorized use under applicable law. If you are not the intended
recipient, you are hereby notified that any disclosure, copying or >distribution or taking of action in reliance upon the contents of this >transmission is strictly prohibited. If you have received
this e-mail in
error, you are instructed to notify the sender by reply e-mail and delete
it to the fullest extent possible once you
have notified the sender of the
error.

/var/www did exist in BSD/OS and in FreeBSD
the defaul is /usr/local/www .

--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b 30 years on the Internet http://bit.ly/3uxzSzT

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In article <[email protected]>,
Tamer Ziady <[email protected]> wrote:

# apachectl -S
VirtualHost configuration:
*:80 is a NameVirtualHost
default server domain1.com
(/usr/local/etc/apache24/sites.enabled/002-domain1.com.conf:1)
port 80 namevhost domain1.com
(/usr/local/etc/apache24/sites.enabled/002-domain1.com.conf:1)
port 80 namevhost support.domain2.com
(/usr/local/etc/apache24/sites.enabled/004-support.domain2.com.conf:1)
alias support.domain2.us
port 80 namevhost www.domain2.com
(/usr/local/etc/apache24/sites.enabled/006-domain2.com.conf:1)
alias domain2.com
alias www.domain2.com
alias domain2.us
*:443 is a NameVirtualHost
default server domain1.com
(/usr/local/etc/apache24/sites.enabled/002-domain1.com.conf:5)
port 443 namevhost domain1.com
(/usr/local/etc/apache24/sites.enabled/domain1.com.conf:5)
alias www.domain1.com
port 443 namevhost support.domain2.com
(/usr/local/etc/apache24/sites.enabled/004-support.domain2.com.conf:6)
alias support.domain2.us
port 443 namevhost domain2.com
(/usr/local/etc/apache24/sites.enabled/006-domain2.com.conf:6)
alias www.domain2.com
ServerRoot: "/usr/local"
Main DocumentRoot: "/usr/local/www/apache24/data"
Main ErrorLog: "/var/log/httpd-error.log"
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/" mechanism=default
Mutex ssl-stapling-refresh: using_defaults
Mutex rewrite-map: using_defaults
PidFile: "/var/run/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www" id=80
Group: name="www" id=80

I really do not see any issues, except for the Main DocumentRoot is
incorrect since I am actually using /var/www/

--
This e-mail and any attachments may contain information that is
confidential and/or privileged and prohibited from disclosure or
unauthorized use under applicable law. If you are not the intended
recipient, you are hereby notified that any disclosure, copying or >distribution or taking of action in reliance upon the contents of this >transmission is strictly prohibited. If you have received
this e-mail in
error, you are instructed to notify the sender by reply e-mail and delete
it to the fullest extent possible once you
have notified the sender of the
error.

/var/www/ ? I tough you said you were using FreeBSD 12.2 ?
--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b 30 years on the Internet http://bit.ly/3uxzSzT

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In article <[email protected]>,
Tamer Ziady <[email protected]> wrote:

Cool...is it a problem that I am using /var/www ?

T

--
This e-mail and any attachments may contain information that is
confidential and/or privileged and prohibited from disclosure or
unauthorized use under applicable law. If you are not the intended
recipient, you are hereby notified that any disclosure, copying or >distribution or taking of action in reliance upon the contents of this >transmission is strictly prohibited. If you have received
this e-mail in
error, you are instructed to notify the sender by reply e-mail and delete
it to the fullest extent possible once you
have notified the sender of the
error.

What I did was to alias /var/www ot /usr/local/www
--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b 30 years on the Internet http://bit.ly/3uxzSzT

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Probably a more elegant solution.

Maybe I will move it back.

T

--
This e-mail and any attachments may contain information that is
confidential and/or privileged and prohibited from disclosure or
unauthorized use under applicable law. If you are not the intended
recipient, you are hereby notified that any disclosure, copying or
distribution or taking of action in reliance upon the contents of this transmission is strictly prohibited. If you have received
this e-mail in
error, you are instructed to notify the sender by reply e-mail and delete
it to the fullest extent possible once you
have notified the sender of the
error.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Anyway, I am still stuck and no matter what I try I cannot get the 3rd VHOST working :(...

Cheers,
T

--
This e-mail and any attachments may contain information that is
confidential and/or privileged and prohibited from disclosure or
unauthorized use under applicable law. If you are not the intended
recipient, you are hereby notified that any disclosure, copying or
distribution or taking of action in reliance upon the contents of this transmission is strictly prohibited. If you have received
this e-mail in
error, you are instructed to notify the sender by reply e-mail and delete
it to the fullest extent possible once you
have notified the sender of the
error.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 3/5/21 3:28 PM, Tamer Ziady wrote:

# apachectl -S
VirtualHost configuration:
*:80 is a NameVirtualHost
default server domain1.com (/usr/local/etc/apache24/sites.enabled/002-domain1.com.conf:1)
port 80 namevhost domain1.com (/usr/local/etc/apache24/sites.enabled/002-domain1.com.conf:1)
port 80 namevhost support.domain2.com (/usr/local/etc/apache24/sites.enabled/004-support.domain2.com.conf:1)
alias support.domain2.us
port 80 namevhost www.domain2.com (/usr/local/etc/apache24/sites.enabled/006-domain2.com.conf:1)
alias domain2.com
alias www.domain2.com
alias domain2.us
*:443 is a NameVirtualHost
default server domain1.com (/usr/local/etc/apache24/sites.enabled/002-domain1.com.conf:5)
port 443 namevhost domain1.com (/usr/local/etc/apache24/sites.enabled/domain1.com.conf:5)
alias www.domain1.com
port 443 namevhost support.domain2.com (/usr/local/etc/apache24/sites.enabled/004-support.domain2.com.conf:6)
alias support.domain2.us
port 443 namevhost domain2.com (/usr/local/etc/apache24/sites.enabled/006-domain2.com.conf:6)
alias www.domain2.com
ServerRoot: "/usr/local"
Main DocumentRoot: "/usr/local/www/apache24/data"

I really do not see any issues, except for the Main DocumentRoot is incorrect since I am actually using /var/www/

I think I would agree that your config there looks fine. Have you tried
using your browser's developer tools to see if you're somehow getting redirected to domain2.com?

Jeff

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Thanks for the suggestion. I looked via Dev Tools and saw no redirection.

I did some additional testing.

The Let's Encrypt cert that I was using was a *.domain.com

So, just to make sure that was not somehow doing anything, I got individual certs for each www and support

However, that did not help.

In testing a whole bunch of things; I discovered a rather odd behavior.

These sites are Wordpress sites.

If I go to https://support.domain2.com it just redirects to https://www.domain2.com

However, if I go to https://support.domain2.com/info.php (or any sub wp-admin, whatever) it works.

I am not sure what would cause this behavior at all. However, I am going to post this with Wordpress now; as I do not think the issue is Apache and SSL.

If anyone has any idea why this kind of behavior would occur with WP, please let me know.

And thank you everyone for your help and responses with this issue.

Cheers,
T

--
This e-mail and any attachments may contain information that is
confidential and/or privileged and prohibited from disclosure or
unauthorized use under applicable law. If you are not the intended
recipient, you are hereby notified that any disclosure, copying or
distribution or taking of action in reliance upon the contents of this transmission is strictly prohibited. If you have received
this e-mail in
error, you are instructed to notify the sender by reply e-mail and delete
it to the fullest extent possible once you
have notified the sender of the
error.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In comp.infosystems.www.servers.unix, Tamer Ziady <[email protected]> wrote:

In testing a whole bunch of things; I discovered a rather odd behavior.

These sites are Wordpress sites.

If I go to https://support.domain2.com it just redirects to https://www.domain2.com

...

If anyone has any idea why this kind of behavior would occur with WP, please let
me know.

Wordpress, when invoked, always wants to redirect you to the FQDN the
blog is configured for. If you go to random specific files you may be
able to view them without invoking Wordpress.

Look for the "X-Redirect-By: WordPress" header:

curl --dump-header tmp.file https://support.domain2.com/ > /dev/null

Elijah
------
has fought with WP over this before

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Thanks for the suggestion. I believe the issue is still SSL related. As this is what I get when I try using CURL:

# curl --dump-header tmp.file https://support.domain2.com/ > /dev/null
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

and when I use --insecure

It returns

# more tmp.file
HTTP/1.1 404 Not Found
Date: Tue, 09 Mar 2021 14:52:40 GMT
Server: Apache/2.4.46 (FreeBSD) OpenSSL/1.1.1h-freebsd
Content-Length: 196
Content-Type: text/html; charset=iso-8859-1

However, I am still able to access info.php....

Checking if maybe .htaccess is the culprit.

So at a loss here.

T

--
This e-mail and any attachments may contain information that is
confidential and/or privileged and prohibited from disclosure or
unauthorized use under applicable law. If you are not the intended
recipient, you are hereby notified that any disclosure, copying or
distribution or taking of action in reliance upon the contents of
this
transmission is strictly prohibited. If you have received
this e-mail in
error, you are instructed to notify the sender by
reply e-mail and delete
it to the fullest extent possible once you
have notified the sender of the
error.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Thanks for the suggestion. I believe the issue is still SSL related. As this is what I get when I try using CURL:

# curl --dump-header tmp.file https://support.domain2.com/ > /dev/null
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

and when I use --insecure

It returns

# more tmp.file
HTTP/1.1 404 Not Found
Date: Tue, 09 Mar 2021 14:52:40 GMT
Server: Apache/2.4.46 (FreeBSD) OpenSSL/1.1.1h-freebsd
Content-Length: 196
Content-Type: text/html; charset=iso-8859-1

However, I am still able to access info.php....

Checking if maybe .htaccess is the culprit.

So at a loss here.

--
This e-mail and any attachments may contain information that is
confidential and/or privileged and prohibited from disclosure or
unauthorized use under applicable law. If you are not the intended
recipient, you are hereby notified that any disclosure, copying or
distribution or taking of action in reliance upon the contents of this transmission is strictly prohibited. If you have received
this e-mail in
error, you are instructed to notify the sender by reply e-mail and delete
it to the fullest extent possible once you
have notified the sender of the
error.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)