new virtual server SSL apache listen wildcard

IRC chat log: https://pastebin.com/wYPm0LYh

Upon creating a new virtual server, the Apache config file creates a VirtualHost that listens on *:80, which is exactly what I want, but if you add a Let's Encrypt cert to it, it creates an additional VirtualHost listening on the IP:443, but that should also be *:443.

Status: 
Needs review

Comments

Howdy -- we'd actually recommend against using a "*" in any of those VirtualHost definitions... we suggest always using x.x.x.x:PORT.

Virtualmin will do that by default, unless there is an existing definition containing a * character. That's probably the default domain added by Ubuntu.

My suggestion would be to delete the default domain with "a2dissite 000-default", and then switch all the sites you have there to use x.x.x.x:PORT.

Once you do that, all new sites will also have that same format.

Submitted by munsking on Thu, 07/06/2017 - 11:26

Hello, if I do that, I get HTTPS errors like "ssl_error_rx_record_too_long" or I get the wrong certificate (different domain). Could that be because my server uses DHCP and NATing to the public IP?

https://wiki.hetzner.de/index.php/Netzkonfiguration_Debian/en#vServers_....

vServers (CX models)

The configuration of standard installations is done via DHCP since, with CX vServers, the public IP is assigned to the internal IP via 1:1 NAT. A static configuration is possible - but it is not recommended since future new features might require you to make adjustments.

Yeah, if you're on NAT, you'd want to ensure that Apache is using the internal IPs of your server, and not the external IPs.

Try changing your Apache config to use your internal IPs, and then restart Apache afterwards.

It doesn't sound like you're seeing a bug there though -- since it looks like you're using Virtualmin GPL, if you had any additional questions, we'd encourage you to ask those in the Forums. We monitor the Forums, along with lots of wonderful folks in the community.

Thanks!
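An added example, not part of the thread or of Virtualmin: a small Python check for the two conditions discussed above, a VirtualHost address that is not assigned to a local interface (the 1:1 NAT case) and `*` mixed with explicit addresses on one port. The config text, the 10.0.0.5 and 203.0.113.10 addresses, and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: 10.0.0.5 stands for the internal (DHCP) address,
# 203.0.113.10 for the public address mapped to it by 1:1 NAT.
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName default.example
</VirtualHost>
<VirtualHost 10.0.0.5:80>
    ServerName blog.example
</VirtualHost>
<VirtualHost 203.0.113.10:443>
    ServerName shop.example
</VirtualHost>
<VirtualHost 10.0.0.5:443>
    ServerName blog.example
</VirtualHost>
"""
LOCAL_IPS = {ipaddress.ip_address("10.0.0.5")}  # assumed interface addresses
VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf):
    # Yield (address, port, server_name) for every address of every vhost.
    for spec, body in VHOST_RE.findall(conf):
        m = re.search(r"^\s*ServerName\s+(\S+)", body, re.M | re.I)
        name = m.group(1) if m else "(no ServerName)"
        for token in spec.split():
            addr, sep, port = token.rpartition(":")
            if not sep or token.endswith("]"):  # no port given
                addr, port = token, "*"
            yield addr.strip("[]"), port, name

def audit(conf, local_ips):
    # Return findings for non-local addresses and for '*' mixed with IPs.
    findings, by_port = [], {}
    for addr, port, name in parse_vhosts(conf):
        by_port.setdefault(port, set()).add(addr)
        if addr in ("*", "_default_"):
            continue
        try:
            is_local = ipaddress.ip_address(addr) in local_ips
        except ValueError:  # a hostname, not an IP literal
            is_local = False
        if not is_local:
            findings.append(f"{name}: {addr}:{port} is not a local interface address")
    for port, addrs in sorted(by_port.items()):
        if "*" in addrs and len(addrs) > 1:
            findings.append(f"port {port}: mixes * with explicit addresses")
    return findings
```

Calling `audit(SAMPLE_CONF, LOCAL_IPS)` on the constructed sample reports the public-IP vhost and the mixed port 80; on a real host, fill `LOCAL_IPS` from the interface list and pass in the concatenated site configs.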

Submitted by munsking on Thu, 07/06/2017 - 12:22

Alright, I'll give that a shot then. Sorry if this was the wrong place to ask, but someone on IRC said I should because it might be a bug (I kinda expected it was a misconfiguration on my part though).

Thanks for the help and I won't bother you again (until I get my boss to use Virtualmin Pro ;) )!

Submitted by unborn on Thu, 07/06/2017 - 13:21 Pro Licensee

Hi, it was me who was chatting with this guy, and I said *:443 seemed to me to be a bug, as I had solved this issue before for a couple of users on Ubuntu. I am also behind NAT, which I explained to the user. During the chat I thought he was using a server not behind NAT, meaning I thought that he should have a public IP there. Then a bit later it came out from the user that he's behind NAT, but I did not react as I was doing other things as well. Anyway, I asked that user if he could open a ticket here as an issue, as I thought it was a bug, and even pointed him to the link to the issue tracker. The raw and full log from IRC is here:

https://paste.topfreelancer.co.uk/?7edacb01813bbd5a#MCbvtqoZZ4j+R07+8GC3...