[BlueOnyx:22090] Re: SSL help please

Michael Stauber mstauber at blueonyx.it
Mon May 21 18:53:45 -05 2018


Hi Colin,

> I have just enabled LetsEncrypt on a website on one of our 5209R servers
> with nginx enabled.
> 
> When I go to https://website it loads the certificate for the host!
> 
> Other vsites on the same server are working fine with LE.

There are a couple of things here that you want to check.

When you enable HTTPS (and don't have Nginx as SSL proxy enabled), then
a Vsite will have two separate <VirtualHost> containers. One for port 80
and one for port 443.

These containers are identical except for the port numbers and the SSL
related extras in the HTTPS <VirtualHost> container.

If you access a Vsite via HTTPS and HTTPS is not enabled for it, then
Apache tries to figure out where this connection should go. With SNI in
mind (which allows multiple SSL enabled Vsites on the same IP) this
could pretty much end up on any other SSL enabled Vsite. It *usually*
then should go to the _default_ <VirtualHost>, which is the one that's
mentioned first in the Apache configuration and that's the one that
redirects to the GUI.

Sometimes Apache gets really confused there. It might retain the
DocumentRoot of the Vsite you steered to, but uses the SSL certificate
from another <VirtualHost>.

So you might want to check your apache configuration. A good start is to
run "httpd -S" on the command line, as it will list all <VirtualHost>
containers and their load order. See if the Vsite in question has both a
port 80 and a port 443 container.

Check the siteX config files for that Vsite to make sure the webserver
aliases are listed. Make sure you have DNS A records for all of them.
Could be that one of the DNS A records has gone walkies and that will
confuse the heck out of Apache.

If all the configs look fine and even a restart of Apache doesn't solve
it, then you might want to try to enable Nginx as SSL proxy just to see
if it makes a difference. It probably will.

-- 
With best regards

Michael Stauber
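
Added example, not part of the original post and not BlueOnyx code: one way to run the "httpd -S" check described above. It reads the listing, reports names that have a port 80 container but no port 443 one, and shows which <VirtualHost> is the port 443 default. The function names, hostnames and paths are made up, and it assumes the usual "port N namevhost NAME" line format of "httpd -S".

```shell
#!/bin/sh
# Added example. Both functions read `httpd -S` output on stdin.

# Print every server name that has a port 80 container but no port 443 one.
missing_https_vhosts() {
    awk '
        # Lines of interest look like:
        #   port 443 namevhost www.example.com (/path/to/conf:1)
        $1 == "port" && $3 == "namevhost" {
            if ($2 == "80")  http[$4] = 1
            if ($2 == "443") https[$4] = 1
        }
        END {
            for (name in http)
                if (!(name in https)) print name
        }
    ' | sort
}

# Print the default server of the first port 443 block, i.e. the vhost
# (and certificate) used when no HTTPS container matches the request.
default_https_vhost() {
    awk '
        /is a NameVirtualHost/ { in443 = ($1 ~ /:443$/) }
        in443 && !found && $1 == "default" && $2 == "server" { print $3; found = 1 }
    '
}

# Constructed sample listing (hostnames and paths are placeholders).
SAMPLE='VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server gui.example.net (/example/conf/httpd.conf:100)
         port 80 namevhost gui.example.net (/example/conf/httpd.conf:100)
         port 80 namevhost www.site1.example (/example/conf/site1:1)
                 alias site1.example
         port 80 namevhost www.site2.example (/example/conf/site2:1)
*:443                  is a NameVirtualHost
         default server gui.example.net (/example/conf/httpd.conf:120)
         port 443 namevhost gui.example.net (/example/conf/httpd.conf:120)
         port 443 namevhost www.site1.example (/example/conf/site1:20)'

# On a live server: httpd -S 2>&1 | missing_https_vhosts
echo "No port 443 container: $(printf '%s\n' "$SAMPLE" | missing_https_vhosts)"
echo "Port 443 default:      $(printf '%s\n' "$SAMPLE" | default_https_vhost)"
```

In the sample, www.site2.example has no port 443 container, so an HTTPS request for it would be answered with the certificate of the port 443 default.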


