Table of Contents

Multiple SSL Virtual Hosts on one IP

If you get this error:

[Tue Sep 08 22:42:28 2009] [warn] Init: SSL server IP/port conflict: *.examplewebsite.com:443 (/etc/apache2/sites-enabled/2000-catch-all:24) vs. examplewebsite.com:443 (/etc/apache2/sites-enabled/2010-default:59)
[Tue Sep 08 22:42:28 2009] [warn] Init: SSL server IP/port conflict: ytest.examplewebsite2.com:443 (/etc/apache2/sites-enabled/1200-ytest:34) vs. examplewebsite.com:443 (/etc/apache2/sites-enabled/2010-default:59)
[Tue Sep 08 22:42:28 2009] [warn] Init: SSL server IP/port conflict: test99.examplewebsite2.com:443 (/etc/apache2/sites-enabled/1200-test99:23) vs. examplewebsite.com:443 (/etc/apache2/sites-enabled/2010-default:59)
[Tue Sep 08 22:42:28 2009] [warn] Init: SSL server IP/port conflict: aerp.examplewebsite2.com:443 (/etc/apache2/sites-enabled/1200-erp:34) vs. examplewebsite.com:443 (/etc/apache2/sites-enabled/2010-default:59)
[Tue Sep 08 22:42:28 2009] [warn] Init: SSL server IP/port conflict: awiki.examplewebsite2.com:443 (/etc/apache2/sites-enabled/1100-wiki:26) vs. examplewebsite.com:443 (/etc/apache2/sites-enabled/2010-default:59)
[Tue Sep 08 22:42:28 2009] [warn] Init: SSL server IP/port conflict: svnr.examplewebsite2.com:443 (/etc/apache2/sites-enabled/1100-svn-repo:1) vs. examplewebsite.com:443 (/etc/apache2/sites-enabled/2010-default:59)
[Tue Sep 08 22:42:28 2009] [warn] Init: SSL server IP/port conflict: pmama.examplewebsite2.com:443 (/etc/apache2/sites-enabled/1100-pma:26) vs. examplewebsite.com:443 (/etc/apache2/sites-enabled/2010-default:59)
[Tue Sep 08 22:42:28 2009] [warn] Init: SSL server IP/port conflict: olpdass.examplewebsite2.com:443 (/etc/apache2/sites-enabled/1100-opass:26) vs. examplewebsite.com:443 (/etc/apache2/sites-enabled/2010-default:59)
[Tue Sep 08 22:42:28 2009] [warn] Init: SSL server IP/port conflict: masnais.examplewebsite2.com:443 (/etc/apache2/sites-enabled/1100-mantis:34) vs. examplewebsite.com:443 (/etc/apache2/sites-enabled/2010-default:59)
[Tue Sep 08 22:42:28 2009] [warn] Init: SSL server IP/port conflict: examplewebsite2.com:443 (/etc/apache2/sites-enabled/1010-default:70) vs. examplewebsite.com:443 (/etc/apache2/sites-enabled/2010-default:59)
[Tue Sep 08 22:42:28 2009] [warn] Init: SSL server IP/port conflict: *.examplewebsite2.com:443 (/etc/apache2/sites-enabled/1000-catch-all:24) vs. examplewebsite.com:443 (/etc/apache2/sites-enabled/2010-default:59)
[Tue Sep 08 22:42:28 2009] [warn] Init: SSL server IP/port conflict: 73.122.192.125:443 (/etc/apache2/sites-enabled/0100-via-ip:24) vs. examplewebsite.com:443 (/etc/apache2/sites-enabled/2010-default:59)
[Tue Sep 08 22:42:28 2009] [warn] Init: You should not use name-based virtual hosts in conjunction with SSL!!
[Tue Sep 08 22:42:28 2009] [notice] Apache/2.2.8 (Ubuntu) DAV/2 SVN/1.4.6 PHP/5.2.4-2ubuntu5.7 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g configured -- resuming normal operations

Then read on!

Resource on this

However, although we get this error it seems to work!

Additional notes: It is not that in the above error is due to examplewebsite.com:443 configuration being invalid. If you remove virtual host examplewebsite.com you will then get the next virtual server in the error. examplewebsite happens to be the last one in this case.

This thread has some explanation


A number of resources on SSL

thawte - SSL Web Server Certificate FAQs

Why only one IP per SSL

Do you need a dedicated IP for each subdomain


It is possible to have a single IP with multiple subdomains with wildcard SSL - not yet proven

It might be possible to have SSL with multi-subdomain using apache rewrite!

Search for “Server Name Indication” for some possible solutions

Update

With Apache 2.2.12 and support for the SNI (Server Name Indication) extension to the SSL protocol, you can configure name-based HTTPS sites, just as you can name-based HTTP sites. See Reference. Here is a sample Apache configuration file:

Listen 443
NameVirtualHost *:443
SSLStrictSNIVHostCheck off
<VirtualHost *:443>
DocumentRoot /srv/www/example1.com/
ServerName www.example1.com
...
</VirtualHost>
<VirtualHost *:443>
DocumentRoot /srv/www/example2.com/
ServerName www.example2.com
...
</VirtualHost>

Testing SSL Sites

https://www.ssllabs.com/index.html