Installing an SSL certificate on the top domain only with Apache VirtualHosts


■Environment

  • Server version: Apache/2.2.15 (Unix)
  • OpenSSL 1.0.1e-fips 11 Feb 2013
  • VirtualHost
    • hogehoge.com <= the SSL certificate is installed here
      • www.hogehoge.com <= redirected to the top domain
      • watashi.hogehoge.com
      • festival.hogehoge.com
  • Where the SSL certificate was purchased

■Reference procedure

vhost.conf
NameVirtualHost *:80
NameVirtualHost *:443

#main
    <VirtualHost *:80>
        DocumentRoot /var/www/html/public
        ServerName hogehoge.com
        ServerAlias www.hogehoge.com

        # www.hogehoge.com -> hogehoge.com (the http -> https hop is then done by .htaccess)
        RewriteEngine on
        RewriteCond %{HTTP_HOST} ^(www\.hogehoge\.com)(:80)? [NC]
        RewriteRule ^/(.*) http://hogehoge.com/$1 [R=301,L]

        ErrorLog /var/log/httpd/hogehoge.com/error_log
        CustomLog /var/log/httpd/hogehoge.com/access_log combined

        <Directory "/var/www/html/public">
            AllowOverride All
        </Directory>
    </VirtualHost>

#main-ssl
    # This is the only *:443 vhost: an https request for one of the subdomains also
    # lands here (the first vhost on a port is its default) and is answered with a
    # certificate that does not cover that name.
    <VirtualHost *:443>
        DocumentRoot /var/www/html/public
        ServerName hogehoge.com:443
        ServerAlias www.hogehoge.com

        ErrorLog /var/log/httpd/hogehoge.com/error_log
        CustomLog /var/log/httpd/hogehoge.com/access_log combined

        RewriteEngine on
        RewriteCond %{HTTP_HOST} ^(www\.hogehoge\.com) [NC]
        RewriteRule ^/(.*) https://hogehoge.com/$1 [R=301,L]

        SSLEngine on
        # server certificate, its private key and the issuing intermediate CA;
        # do not swap the certificate and the chain file (see the error log below)
        SSLCertificateChainFile /etc/httpd/conf/ssl.crt/intermediate_hogehoge.com.2016.cer
        SSLCertificateFile /etc/httpd/conf/ssl.crt/hogehoge.com.2016.crt
        SSLCertificateKeyFile /etc/httpd/conf/ssl.key/ssl.hogehoge.com.key

        <Directory "/var/www/html/public">
            AllowOverride All
        </Directory>

        SetEnvIf User-Agent ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
    </VirtualHost>


#sub-festival
    <VirtualHost *:80>
        DocumentRoot /var/www/html/fest
        ServerName festival.hogehoge.com

        ErrorLog /var/log/httpd/festival.hogehoge.com/error_log
        CustomLog /var/log/httpd/festival.hogehoge.com/access_log combined

        <Directory "/var/www/html/fest">
            AllowOverride All
        </Directory>
    </VirtualHost>

#sub-watashi
    <VirtualHost *:80>
        DocumentRoot /var/www/html/watashi
        ServerName watashi.hogehoge.com

        ErrorLog /var/log/httpd/watashi/error_log
        CustomLog /var/log/httpd/watashi/access_log combined

        <Directory "/var/www/html/watashi">
            AllowOverride All
        </Directory>
    </VirtualHost>

That is all.

■Redirect rules in the .htaccess of the top-domain directory

I wrote a rule that redirects access to http://~ to https://~.

.htaccess
#--- from here ---
# http to https
# Placed before the WordPress block: WordPress rewrites everything between
# "# BEGIN WordPress" and "# END WordPress" when permalinks are saved, and its
# catch-all rule (RewriteRule . /index.php [L]) would otherwise end processing
# before this redirect is reached for pretty-permalink URLs.
# R without a code is a 302; switch to R=301 once the redirect is verified.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
</IfModule>
#--- to here ---

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
# RewriteBase takes the URL path of this directory, not its filesystem path
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

■Extra

At first, httpd threw an error on startup, probably because of a configuration mistake.
I suspect I made a mistake somewhere in the middle of the setup.

This time I started over from regenerating the CSR and having the certificate reissued, and it went through without a problem.

errorlog
[warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[warn] RSA server certificate CommonName (CN) `AlphaSSL CA - SHA256 - G2' does NOT match server name!?
[error] Unable to configure RSA server private key
[error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)
[warn] Init: (tk2-229-24426.vs.sakura.ne.jp:443) You configured HTTP(80) on the standard HTTPS(443) port!
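The first two warnings say that the file given as SSLCertificateFile was a CA certificate with CN `AlphaSSL CA - SHA256 - G2`, i.e. the intermediate, and the key mismatch follows from that. As an added example, not part of the original post, here is a pre-flight script that reproduces those complaints (key/certificate mismatch, CA certificate as server certificate, CN/SAN not covering the ServerName) plus a chain check from the three files in vhost.conf before httpd is restarted; the function name is mine, and the paths in the usage comment are the ones from vhost.conf above.

```shell
#!/bin/sh
# Added pre-flight check (not from the original post) for the three certificate
# files in vhost.conf. It runs the same three checks that produced the warnings
# in the error log above, before httpd is restarted. Requires the openssl CLI.
# Usage: check_ssl_files CERT KEY CHAIN HOSTNAME
# Prints one line per problem and returns the number of problems found (0 = OK).
check_ssl_files() {
    cert=$1; key=$2; chain=$3; host=$4; problems=0

    # "X509_check_private_key:key values mismatch": the key must belong to the
    # certificate, so both must carry the same RSA modulus.
    cert_mod=$(openssl x509 -noout -modulus -in "$cert" 2>/dev/null)
    key_mod=$(openssl rsa -noout -modulus -in "$key" 2>/dev/null)
    if [ -z "$cert_mod" ] || [ "$cert_mod" != "$key_mod" ]; then
        echo "MISMATCH: $key is not the private key of $cert"
        problems=$((problems + 1))
    fi

    # "RSA server certificate is a CA certificate": SSLCertificateFile points at
    # a CA, usually the intermediate, i.e. certificate and chain file were swapped.
    if openssl x509 -noout -text -in "$cert" 2>/dev/null | grep -q 'CA:TRUE'; then
        echo "CA_CERT: $cert has BasicConstraints CA:TRUE, is it the intermediate?"
        problems=$((problems + 1))
    fi

    # "CommonName (CN) ... does NOT match server name": the vhost's ServerName
    # must appear in the CN or in a DNS subjectAltName (dots escaped for grep -E).
    host_re=$(printf '%s\n' "$host" | sed 's/\./\\./g')
    if ! openssl x509 -noout -text -in "$cert" 2>/dev/null |
            grep -Eq "(CN ?= ?|DNS:)$host_re(,|\$)"; then
        echo "HOST: $cert does not cover $host"
        problems=$((problems + 1))
    fi

    # SSLCertificateChainFile must start with the certificate's issuer, or clients
    # see an incomplete chain (sed strips the "subject="/"issuer=" prefix).
    issuer=$(openssl x509 -noout -issuer -in "$cert" 2>/dev/null | sed 's/^[a-z]*= *//')
    chain_subj=$(openssl x509 -noout -subject -in "$chain" 2>/dev/null | sed 's/^[a-z]*= *//')
    if [ -z "$chain_subj" ] || [ "$issuer" != "$chain_subj" ]; then
        echo "CHAIN: first certificate in $chain is not the issuer of $cert"
        problems=$((problems + 1))
    fi
    return $problems
}

# Run directly with the four values from vhost.conf, e.g.
#   sh sslcheck.sh /etc/httpd/conf/ssl.crt/hogehoge.com.2016.crt /etc/httpd/conf/ssl.key/ssl.hogehoge.com.key \
#      /etc/httpd/conf/ssl.crt/intermediate_hogehoge.com.2016.cer hogehoge.com
if [ "$#" -eq 4 ]; then check_ssl_files "$@" && echo "OK, safe to restart httpd"; fi
```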