[Bug?] httpd-ssl.conf ServerName www.example.com:xxxx

[Wanabo]

Found this in my httpd error_log:

www.example.com:8081:0 server certificate does NOT include an ID which matches the server name

Example.com????? I don't have that as a domain!

Started investigating and found that ServerName www.example.com:xxxx is set wrongly in various .conf files.
Also ServerAdmin [email protected] is set wrongly.

/etc/httpd/conf/extra/httpd-ssl.conf
/etc/httpd/conf/original/extra/httpd-ssl.conf
/usr/local/directadmin/custombuild/configure/ap2/conf/extra/httpd-ssl.conf

I suppose the hostname must be set here.

 

[Wanabo]

I must be the only one who has this.

 

[LawsHosting]

You need to set these, and put it in the custom dir of custombuild...... This file is only used for your hostname

 

[zEitEr]

We have example.com as well, and it does not break anything on our end. And it should not break anything at all, as if you host multiple domains on a single IP you should use SNI in order to get SSL/TLS to work on more than one domains.

 

[labrocca]

I have this too now after a conf rebuild. example.com are in these files:

httpd-vhosts.conf
httpd-info.conf
httpd-ssl.conf
httpd-manual.conf

Please advise on how to best remove or alter these. I get error logs on Apache start for:
"www.example.com:8081:0 server certificate does NOT include an ID which matches the server name"


I'm using Custombuild 2.0 with Nginx_Apache Reverse proxy.

EDIT: Fix was to go into https-ssl.conf and set "SSLEngine off".

Hope that helps someone else.

 

[wattie]

Normally every IP will have one "master" domain on it (which by default is assigned as "example.com"). It's not different than any other domains of course but the idea is to have SSL cert set on that domain for that IP (normal SSL certificate, not SNI one).

This can be used for example for DA control panel logins for your clients. You can make a domain for their login and set SSL on it and it will not be an SNI one.

If you don't make that, it's not a problem at all. Just few lines in your error log. Not a big deal.

P.S. Disabling SSL is not a "fix" for anything. You lose important 21st century functionality that way. For example you no longer have ability to use Lets encrypt free SSL certificates.