Thanks Michael, > > I have just enabled LetsEncrypt on a website on one of our 5209R > > servers with nginx enabled. > > > > When I go to https://website it loads the certificate for the host! > > > > Other vsites on the same server are working fine with LE. > > There are a couple of things here that you want to check. > > When you enable HTTPS (and don't have Nginx as SSL proxy enabled), then a > Vsite will have two separate <VirtualHost> containers. One for port 80 and one > for port 443. > > These containers are identical except for the port numbers and the SSL related > extras in the HTTPS <VirtualHost> container. > > If you access a Vsite via HTTPS and HTTPS is not enabled for it, then Apache > tries to figure out where this connection should go. With SNI in mind (which > allows multiple SSL enabled Vsites on the same IP) this could pretty much end > up on any other SSL enabled Vsite. It *usually* then should go to the > _default_ > <VirtualHost>, which is the one that's mentioned first in the Apache > configuration and that's the one that redirects to the GUI. > > Sometimes Apache gets really confused there. It might retain the > DocumentRoot of the Vsite you steered to, but uses the SSL certificate from > another <VirtualHost>. > > So you might want to check your apache configuration. A good start is to run > "httpd -S" on the command line, as it will list all <VirtualHost> containers > and > their load order. See if the Vsite in question has bot a port 80 and a port > 443 > container.
If I disable Nginx then it all works okay. If I enable Nginx some of the vsites default to the host SSL and some to their local SSL. :-/ > Check the siteX config files for that Vsite to make sure the webserver aliases > are listed. Make sure you have DNS A records for all of them. > Could be that one of the DNS A records has gone walkies and that will confuse > the heck out of Apache. Yep - DNS is all okay. > If all the configs look fine and even a restart of Apache doesn't solve it, > then you > might want to try to enable Nginx as SSL proxy just to see if it makes a > difference. It probably will. Kind regards Colin _______________________________________________ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx