#StackBounty: #server #apache2 #ssl #certificates #apache2.4 Apache 2.4 randomly return wrong certificate

Bounty: 50

I’ve a server with ~50 different Virtual Hosts, ~10 with SSL enabled. Everything worked perfectly until last week, when I added another host with SSL, it is configured exactly like the other hosts, with the same brand of certificate, and Apache is randomly returning wrong certificate only for this host.

The strangest thing is that 50% of the time it returns the correct certificate, and the other 50% of the time it returns a wrong certificate, from another of the sites.

This is the .conf file of the new host:

<VirtualHost *:80>
        ServerName      new_site.com
        Redirect    /   https://new_site.com/
</VirtualHost>

<VirtualHost *:443>
        ServerName      new_site.com

        SSLEngine on

        SSLCertificateFile /var/ca/new_site/ServerCertificate.cer
        SSLCertificateKeyFile /var/ca/new_site/private.key
        SSLCertificateChainFile /var/ca/new_site/CACertificate.cer

        DocumentRoot /var/www/new_site
</VirtualHost>

My server is running Ubuntu Server 16.04.6 LTS with updated Apache from repositories:

Server version: Apache/2.4.18 (Ubuntu)
Server built:   2019-04-03T13:34:47

apachectl -t returns Syntax OK


Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.