I've been banging my head against the wall trying to figure out how to set up multiple SSL certificates on an Amazon VPC instance (I'm using Amazon's standard Linux AMI).
Here's what I did:
- I set up a VPC instance
- Added a secondary private IP address
- Added 2 elastic IP addresses & "linked" them to the private ones
- Went to my domain registrar & pointed two test domains to the elastic IP addresses
- Waited until the new addresses had propagated
- I uploaded the SSL certificates to the VPC instance
Then I tried editing ssl.conf (see lines 74 to 93) and httpd.conf (see lines 1046 to 1086):
ssl.conf
<VirtualHost domain1.com:443>
ServerName www.domain1.com:443
DocumentRoot "/var/www/html"
SSLEngine on
SSLCertificateFile /etc/ssl/domain1_com.crt
SSLCertificateKeyFile /etc/ssl/domain1_com.key
SSLCertificateChainFile /etc/ssl/domain1_com.ca-bundle
</VirtualHost>
<VirtualHost _default_:443>
...Default SSL certificate (domain1.com) here...
</VirtualHost>
httpd.conf
<VirtualHost *:80>
ServerName domain1.com
ServerAlias www.domain1.com
DocumentRoot /var/www/html
ServerAdmin webmaster@domain1.com
</VirtualHost>
<VirtualHost *:80>
ServerName domain2.com
ServerAlias www.domain2.com
DocumentRoot /var/www/html
ServerAdmin webmaster@domain2.com
</VirtualHost>
I also tried <VirtualHost *:443> and <VirtualHost IP.ADDRESS:443>; neither worked either.
The result is basically this:
- domain1.com (which uses the default SSL certificate) works just fine (resolves fine, green bar)
- domain2.com doesn't even resolve to anything, even though when I ping www.domain2.com I get the correct elastic IP
My question is: any idea how to make domain2.com resolve and use the correct SSL certificate?
EDIT / Additional Info:
I also tried this:
- Temporarily stopped the firewall as suggested, i.e. sudo service iptables stop
- From outside of EC2, curl --connect-timeout 10 https://domain2.com gave me this: curl: (28) connect() timed out!
- wget https://www.domain2.com/ gave me this: --2013-10-03 15:57:22-- domain2.com Resolving www.domain2.com... 54.229.111.22 Connecting to www.domain2.com|54.229.111.22|:443... failed: Connection timed out. Retrying.
EDIT (2):
I noticed 2 things:
- If I use 2 network interfaces (each NIC with one private IP), sudo ifconfig doesn't show the 2nd NIC (i.e. eth1), and whether I use one or two NICs, sudo ifconfig always returns the 1st private IP (10.0.0.10), never the 2nd one (10.0.0.183). Unsurprisingly, the unreachable website domain2.com corresponds to the 2nd IP (which is missing): 10.0.0.183
- This command, curl --interface 10.0.0.10 ifconfig.me, correctly returns the elastic IP address associated with domain1.com, while curl --interface 10.0.0.183 ifconfig.me returns: curl: (45) bind failed with errno 99: Cannot assign requested address
- I followed this guide; I can now see eth1, but domain2.com is still unreachable, and curl --interface 10.0.0.183 ifconfig.me now returns: curl: (7) Failed connect to ifconfig.me:80; Connection timed out
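Added example (not part of the original post, and not something the asker ran): a small POSIX shell helper that checks whether each secondary private address is actually configured on the instance OS, prints the ip(8) command that would add a missing one, and generates one IP-based Apache SSL vhost per address so each address presents its own certificate even to clients that send no SNI. Since Apache can only bind a socket to an address the kernel owns, a <VirtualHost 10.0.0.183:443> block does nothing useful while 10.0.0.183 is absent from "ip addr", which matches the bind/connect failures described above. The addresses, domains and certificate paths are assumptions taken from the question; the interface name eth0 and /24 prefix are assumptions too.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed values: private IPs
# 10.0.0.10 and 10.0.0.183 on eth0 (/24), domains domain1.com/domain2.com,
# certificates under /etc/ssl as in the question.

# has_ip IP: exit 0 if IP appears in an "ip -o -4 addr" style listing read
# from stdin. Reading the listing from stdin keeps the check testable
# without root or a real secondary interface.
has_ip() {
    awk -v want="$1" '
        { split($4, a, "/"); if (a[1] == want) found = 1 }   # $4 is "10.0.0.183/24"
        END { exit found ? 0 : 1 }'
}

# add_ip_cmd IP [PREFIX] [DEV]: print (do not run) the command that would
# configure a missing secondary address on the instance.
add_ip_cmd() {
    printf 'sudo ip addr add %s/%s dev %s\n' "$1" "${2:-24}" "${3:-eth0}"
}

# ssl_vhost IP DOMAIN CERT KEY CHAIN: emit an IP-based SSL vhost. Binding the
# vhost to the address rather than a hostname means the certificate selected
# depends on which elastic IP the client connected to, not on SNI.
ssl_vhost() {
    cat <<EOF
<VirtualHost $1:443>
    ServerName $2
    ServerAlias www.$2
    DocumentRoot /var/www/html
    SSLEngine on
    SSLCertificateFile $3
    SSLCertificateKeyFile $4
    SSLCertificateChainFile $5
</VirtualHost>
EOF
}

# show_cert HOST_OR_IP DOMAIN: print the certificate subject the server
# presents with SNI and without it, so you can see which vhost answered.
# Needs network access; not exercised by the offline test.
show_cert() {
    echo | openssl s_client -connect "$1:443" -servername "$2" 2>/dev/null \
        | openssl x509 -noout -subject
    echo | openssl s_client -connect "$1:443" 2>/dev/null \
        | openssl x509 -noout -subject
}

main() {
    for addr in 10.0.0.10 10.0.0.183; do
        if ip -o -4 addr show 2>/dev/null | has_ip "$addr"; then
            echo "$addr is configured on this instance"
        else
            echo "$addr is NOT configured on any interface; to add it run:"
            add_ip_cmd "$addr"
        fi
    done
    echo "# generated ssl.conf vhosts"
    ssl_vhost 10.0.0.10  domain1.com /etc/ssl/domain1_com.crt \
        /etc/ssl/domain1_com.key /etc/ssl/domain1_com.ca-bundle
    ssl_vhost 10.0.0.183 domain2.com /etc/ssl/domain2_com.crt \
        /etc/ssl/domain2_com.key /etc/ssl/domain2_com.ca-bundle
}

# Run main only when executed as ssl_vhosts.sh, so the functions can be sourced.
case "$0" in
    ssl_vhosts.sh|*/ssl_vhosts.sh) main ;;
esac
```

Save it as ssl_vhosts.sh and run it on the instance; if it reports 10.0.0.183 as missing, run the printed ip addr add command (and make it persistent in the interface config), restart httpd, then use show_cert against each elastic IP to confirm the right certificate is served. Keep a <VirtualHost _default_:443> catch-all as in the original ssl.conf so connections to an address with no dedicated vhost still get a deliberate answer.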