New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

support multiple vhosts per file #1042

Closed
abstratt opened this Issue Oct 20, 2015 · 24 comments

Comments

@abstratt
Copy link

abstratt commented Oct 20, 2015

My Apache configuration declares multiple vhosts in one site configuration file. letsencrypt currently does not handle that.

Error: should only be one vhost in /etc/apache2/sites-available/000-default.conf
@pde

This comment has been minimized.

Copy link
Member

pde commented Oct 20, 2015

I think this is a dupe of #809 ?

@pde pde closed this Oct 20, 2015

@bmw

This comment has been minimized.

Copy link
Contributor

bmw commented Oct 20, 2015

@pde, this is not a dupe.

This refers to the fact that the Apache plugin currently doesn't allow multiple vhosts per file. #809 refers to a specific problem with multiple vhosts when using install. The example I gave in #809 has each vhost in a separate file.

@sjau

This comment has been minimized.

Copy link

sjau commented Oct 25, 2015

This is not the problem I have.

As you can see, the vhost of apache has 4 entries. One entry each for ipv4/6 and for non-/ssl. The first time I let letsencrypt create a certificate for such domain it works.

When I then remove all letsencrypt data files and stuff and re-try to create new cert. Then it fails.

So if the issue was really with 2 vhosts in the apache file, then the certs shouldn't be created the first time I run it either. Also I run it with "auth" so that only certs get created but nothing changed with Apache.

@SwartzCr

This comment has been minimized.

Copy link
Contributor

SwartzCr commented Nov 3, 2015

I'm going to take a look at this tomorrow, @jdkasten do you have any advice for me?

@pde

This comment has been minimized.

Copy link
Member

pde commented Nov 12, 2015

(if we aren't getting this done by launch, we could kick this ticket out of the milestone with a PR to make the error message more friendly).

@bmw

This comment has been minimized.

Copy link
Contributor

bmw commented Nov 24, 2015

I just made the simple change to improve this error message while we're working on this. If we decide we need to kick this out of the 1.0 milestone, we can do so without further changes to the code.

@pde

This comment has been minimized.

Copy link
Member

pde commented Nov 24, 2015

I think yes, let's kick it out of the milestone. We have a bunch of compelling apache tickets, it's not really clear this is the most important of them.

@bmw

This comment has been minimized.

Copy link
Contributor

bmw commented Mar 1, 2016

More information (as well as a sample vhost) provided in #2574.

@samwilson

This comment has been minimized.

Copy link

samwilson commented Mar 10, 2016

+1

1 similar comment
@antoinemichea

This comment has been minimized.

Copy link

antoinemichea commented Mar 11, 2016

+1

@jayshields

This comment has been minimized.

Copy link

jayshields commented May 1, 2016

+1

@acdha

This comment has been minimized.

Copy link

acdha commented May 12, 2016

If you've previously obtained a cert and followed the last couple decades of Apache practice by having a simple redirect block in the same file, both certonly or --standalone also fail in addition to the default process. Even if there's a harder general problem handling complex files, it should be possible to write an renewed certificate either way.

<VirtualHost *:80>
    ServerName example.org
    RedirectPermanent / https://example.org/
</VirtualHost>
<VirtualHost *:443>
    ServerName example.org
</VirtualHost>
@paradite

This comment has been minimized.

Copy link

paradite commented May 16, 2016

I had similar issue for my DO VPS, even when only having one vhost in the default conf file apache2.conf:

Error: should only be one vhost in /etc/apache2/apache2.conf

I fixed it by creating another conf file using
sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/mysite.com.conf
moving the vhost block to the new conf file and running
sudo a2ensite mysite.com.conf

I've also written a post on this issue, if it helps: https://paradite.com/2016/04/09/apache2-config-for-letsencrypt-digitalocean-wordpress/

@Cirromulus

This comment has been minimized.

Copy link

Cirromulus commented Jan 11, 2017

Bump! If each Site has its .conf with vhost:80 and vhost:433, even renewal fails...
If you have 8 different Sites, you dont want to duplicate your files...

@m-mohr

This comment has been minimized.

Copy link

m-mohr commented Jan 13, 2017

We are also waiting for this.

@bmw bmw modified the milestones: 0.12.0, 0.11.0 Jan 18, 2017

@falzard

This comment has been minimized.

Copy link

falzard commented Feb 6, 2017

Yep, very very very very very very annoying, I don't even know how I'm gonna do with all these vhosts I must renew

@sjefen6

This comment has been minimized.

Copy link

sjefen6 commented Feb 6, 2017

--certonly should work

@falzard

This comment has been minimized.

Copy link

falzard commented Feb 6, 2017

Not with the dry run

@SwartzCr

This comment has been minimized.

Copy link
Contributor

SwartzCr commented Mar 1, 2017

@joohoi is working on this currently.
I'd like to point out that people should be able to +1 the top post rather than expressing their excitement for this in individual comments and that I'd also prefer that as it'll keep this message log clean. If you have specific needs or recommendations still feel free to share them, but let's try to keep traffic on this down as we've already prioritized it :D

@bmw bmw modified the milestones: 0.12.0, 0.13.0 Mar 2, 2017

@joohoi joohoi referenced this issue Mar 21, 2017

Closed

Multiple vhosts #4390

@bmw bmw added the has pr label Mar 28, 2017

@pde pde modified the milestones: 0.14.0, 0.13.0 Apr 5, 2017

@pde pde added the high priority label Apr 5, 2017

@craigarno

This comment has been minimized.

Copy link

craigarno commented May 2, 2017

If it will help this effort I will share one of my multiple vhost files I use for our homeowners association. It basically has to solve these usecase issues:

  1. Provide HTTPS/SSL security
  2. Provide regular HTTP access when there are SSL issues, redirect when not.
  3. Provide redirection for users who will type "www." in front of whatever domain name you give them for both HTTP and HTTPS vhosts. (easier than trying to modify 80+ households behaviors).
  4. More vhost redirection for other related sites like FACEBOOK.hoa.mydomain.com and www.FACEBOOK.hoa.mydomain.com
  5. Some additional simple access restrictions, like needing a username/password for access to certain areas of the site.

This requires at least 6 "vhosts" in the file to accomplish.

I already added my +1 for this issue at the top of this page.

@bmw

This comment has been minimized.

Copy link
Contributor

bmw commented May 3, 2017

Fixed in #4607 (which is really #4390).

@bmw bmw closed this May 3, 2017

@SwartzCr

This comment has been minimized.

Copy link
Contributor

SwartzCr commented May 3, 2017

!!!!!!!!!!!!!!!!! 🎉 🎉 🎉 !!!!!!!!!!!!!!!!!

@mhow2

This comment has been minimized.

Copy link

mhow2 commented Oct 9, 2017

Thanks ! But what about debian packages in Stretch ? They still run a rather old version (0.10.0)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment