Apache https and undefined vhosts

matkra

The user has two domains: domain_one and domain_two.

At the DNS level, each domain has multiple subdomains such as mail, ftp, pop, imap, smtp, etc.

In the Apache server configuration, we have default virtual hosts set up for:

<VirtualHost>
ServerName www.domain_one
ServerAlias www.domain_one domain_one
</VirtualHost>

and

<VirtualHost>
ServerName www.domain_two
ServerAlias www.domain_two domain_two
</VirtualHost>

(in this specific order – the order matters).

If a client connects over HTTPS to a subdomain for which no specific virtual host is defined, for example https://pop.domain_two, Apache will choose the SSL certificate from the first matching virtual host for that IP address – in this case, the certificate for domain_one. This results in a browser warning about a certificate mismatch.

Is there any solution to this issue?
 
You might try to create a wildcard certificate and a wildcard alias for your domain.
That won't work. I have wildcards and the same thing happens.

Reason: these are not real subdomains. These are the default records to reach a certain part like FTP or mail (pop, smtp), and one cannot visit these this way because they don't have any virtual host setting (so no public_html) like www.

When a wildcard is used and for example you visit https://mail.domain.com then an ssl_error_bad_cert_domain is encountered because the requested domain name does not match the server certificate.
If you check the certificate then you will see that it will display the server's hostname.

So a wildcard won't fix that.

Is there any solution to this issue?
I don't know, is there any reason to visit them that way? Normally that is almost never done.
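
The selection behaviour discussed in this thread, as an added example that is not part of any poster's message: a small Python model of name-based vhost selection followed by the client's certificate name check. The data layout, function names and the two wildcard variants are constructed for illustration; domain_one and domain_two are the thread's placeholders.

```python
from fnmatch import fnmatchcase

def vhost(names, cert):
    return {"names": names, "cert": cert}

# Constructed model of the thread's setup, in config order: the names each
# vhost answers to (ServerName/ServerAlias) and the DNS names on its cert.
ONE = vhost(["www.domain_one", "domain_one"], ["www.domain_one", "domain_one"])
TWO = vhost(["www.domain_two", "domain_two"], ["www.domain_two", "domain_two"])
AS_POSTED = [ONE, TWO]
# Hypothetical variants: wildcard certificate only, then wildcard alias too.
WILDCARD_CERT = [ONE, vhost(TWO["names"], ["*.domain_two", "domain_two"])]
WILDCARD_BOTH = [ONE, vhost(TWO["names"] + ["*.domain_two"],
                            ["*.domain_two", "domain_two"])]

def select_vhost(vhosts, requested):
    """First vhost whose ServerName/ServerAlias matches the requested name
    (aliases may contain wildcards); otherwise the first vhost listed."""
    for vh in vhosts:
        if any(fnmatchcase(requested.lower(), n.lower()) for n in vh["names"]):
            return vh
    return vhosts[0]

def cert_covers(dns_names, host):
    """Client-side name check: exact match, or '*' as the whole leftmost
    label standing in for exactly one label."""
    label, _, rest = host.lower().partition(".")
    for name in (n.lower() for n in dns_names):
        if name == host.lower():
            return True
        if name.startswith("*.") and label and rest and rest == name[2:]:
            return True
    return False

def handshake(vhosts, host):
    """Return (ServerName of the vhost that answers, does its cert fit?)."""
    vh = select_vhost(vhosts, host)
    return vh["names"][0], cert_covers(vh["cert"], host)

if __name__ == "__main__":
    for label, cfg in [("as posted", AS_POSTED),
                       ("wildcard cert only", WILDCARD_CERT),
                       ("wildcard cert + alias", WILDCARD_BOTH)]:
        print(label, handshake(cfg, "pop.domain_two"))
```

In this model a wildcard certificate changes nothing while no vhost name matches the request, because the first vhost still answers with its own certificate.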
 