
I am hosting 6 websites. One is for my personal use, and access is intended to be https. So a self-signed cert is just the ticket. I created the cert, and that virtual host works on https.

However, set up this way, when anyone tries to access the other five sites via https (which browsers try first), which I do not want to work or cause access problems, Apache dumps them right into my one secure site instead of the website they're trying to get to, which is entirely weird, unwanted and unexpected behavior.

Creating more self-signed certs for the other sites and adding the other SSL configs for them works, but since these are self-signed, browsers object strenuously and frighten off most visitors. I don't want to add the complexity of auto-generated free certs, either. Because reasons. And paying for them is right out. These are free sites I host as a public service with no data issues.

So: is there a way to configure Apache to host both one https site and the other five as only http without this SSL fallback-to-the-wrong-website behavior?

I could set up a second machine and host the https site there with the SSL port sent there and the http port still sent to the current server. But that seems like excessive hoop jumping, no?

  • Apache configuration is not a programming/development question, and thus is off-topic for Stack Overflow. Commented Jan 18 at 20:26
  • "instead of the website they're trying to get to, Apache dumps them right into my one secure site" - that is due to what httpd.apache.org/docs/2.4/vhosts/name-based.html#alg explains, "If no matching ServerName or ServerAlias is found in the set of virtual hosts containing the most specific matching IP address and port combination, then the first listed virtual host that matches that will be used." Commented Jan 19 at 10:04

1 Answer

It is impossible to have a listener on a single IP address port 443 (HTTPS) and have it accept TCP connections for one domain but not another domain. This is because at the moment the connection gets accepted, the domain the client wants to visit is not known yet. This domain gets sent by the client only as part of the TLS handshake, i.e. after the successful TCP handshake.

Thus, if you want to have a listener on HTTPS for some domains but not for others, you would need to have these domains mapped to different IP addresses and then bind the VirtualHost for the HTTPS domain only to the assigned IP address.
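As an added illustration of the answer's approach (this is example configuration, not from the question, the answer, or the Apache project), the HTTPS site is bound to one dedicated address and port 443 is opened only on that address; the five plain-HTTP sites live on a second address where nothing listens on 443. All addresses (203.0.113.10, 203.0.113.11), hostnames (secure.example.net, site1.example.org) and file paths are placeholders; the DNS A records for the five HTTP-only names must point at the second address for this to hold.

```apache
# Added example, not part of the original page. Assumes the server owns two
# addresses: 203.0.113.10 for the single HTTPS site and 203.0.113.11 for the
# five HTTP-only sites. Addresses, names and paths are placeholders.

# Port 443 is opened ONLY on the HTTPS address. A browser that tries
# https://site1.example.org/ (resolving to 203.0.113.11) gets a refused
# connection instead of being served the wrong site's certificate and content.
Listen 203.0.113.10:443
Listen 203.0.113.10:80
Listen 203.0.113.11:80

# The one HTTPS site, bound explicitly to its own address rather than "*".
<VirtualHost 203.0.113.10:443>
    ServerName secure.example.net
    DocumentRoot /var/www/secure
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/secure.example.net.crt
    SSLCertificateKeyFile /etc/ssl/private/secure.example.net.key
</VirtualHost>

# Plain-HTTP requests for the secure name are sent to HTTPS.
<VirtualHost 203.0.113.10:80>
    ServerName secure.example.net
    Redirect permanent / https://secure.example.net/
</VirtualHost>

# The HTTP-only sites share the second address; one block per site.
<VirtualHost 203.0.113.11:80>
    ServerName site1.example.org
    DocumentRoot /var/www/site1
</VirtualHost>

<VirtualHost 203.0.113.11:80>
    ServerName site2.example.org
    DocumentRoot /var/www/site2
</VirtualHost>
```

After reloading, `apachectl -S` prints the resolved VirtualHost mapping per address and port, which is the quickest way to confirm that 203.0.113.11:443 has no vhost (and no listener) at all. Note that the comment above about the "first listed virtual host" means a catch-all vhost placed first on 443 would stop the fall-through to the wrong site on a single address, but it would still present the self-signed certificate to those visitors, so it does not remove the browser warning; separating addresses is what avoids offering TLS for those names in the first place.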
