$VH_DOMAIN not working in Template SSL config (also Let's Encrypt)


Mike Kasprzak

Mar 11, 2016, 1:32:58 AM
to OpenLiteSpeed Development
Hello,

I'm using Virtual Host Templates, and I'm trying to set up the SSL configuration to automatically use files generated by Let's Encrypt. By default, Let's Encrypt SSL certificates and keys are put in a folder like this:

/etc/letsencrypt/live/my.domain.com/

I found mention of a variable $VH_DOMAIN to reference the domain part of the template, but that doesn't seem to work here. With the following set on the SSL page of my template:

Private Key: /etc/letsencrypt/live/$VH_DOMAIN/privkey.pem
Certificate: /etc/letsencrypt/live/$VH_DOMAIN/fullchain.pem

Looking at the error log, it seems the variable $VH_DOMAIN does not resolve:

> Path for certificate file is invalid: /etc/letsencrypt/live/$VH_DOMAIN/fullchain.pem

Also, if an alias domain matches, what will $VH_DOMAIN resolve to (the specific alias or the domain)? Since I'm trying to set up SSL, I need a variable that exactly matches the domain the user requested.

Thanks,

Mike Kasprzak

David

Mar 11, 2016, 9:38:35 AM
to openlitespee...@googlegroups.com
Hi Mike,

Usually we use $VH_NAME, $VH_ROOT, and $SERVER_ROOT as the variables; in most cases, they will be expanded.
I will check if the $VH_DOMAIN works here or not.
And if $VH_DOMAIN works, in the case that it has an alias, it still will match the domain.

Thanks.
David

Mike Kasprzak

Mar 11, 2016, 1:11:54 PM
to OpenLiteSpeed Development
It would be extremely helpful if it does. After all, $VH_NAME is often useful as the directory name to pull files from for the domain and domain aliases. Without $VH_DOMAIN, there's really not a nice way otherwise to use Let's Encrypt with Templates and domain aliases.

David

Mar 11, 2016, 1:50:11 PM
to openlitespee...@googlegroups.com
We will make $VH_DOMAIN work.
Thanks.
David

Mike Kasprzak

Mar 11, 2016, 2:32:43 PM
to OpenLiteSpeed Development
Awesome. Thank you David.

Danny

Nov 30, 2016, 5:34:15 PM
to OpenLiteSpeed Development
Thanks for this. It's perfect for my needs. I've verified it works with 1.4.23.

A note to anyone else looking to use VHost Templates with SSL: OLSWS reads and processes the templated configs at load time, and if you use $VH_DOMAIN in the SSL certificate path, it expects a certificate to be present for EVERY domain which is a member of this template.
So if you want some domains to have SSL and some not, you have two options.

1. Create self-signed certificates for the "non-SSL" sites (so they will have broken SSL instead of none at all).
2. Create a template for HTTP+HTTPS sites and a separate template for only HTTP sites.

Cheers
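
Added example (not from the thread and not OpenLiteSpeed code): because a template that uses $VH_DOMAIN in its certificate path expects a certificate for every member domain at load time, this shell check lists the member domains whose Let's Encrypt files are absent before the server is restarted. The function name `missing_certs` is hypothetical and the domain list is assumed to be supplied by the operator; the file names are the ones from the first post.

```shell
#!/bin/sh
# Added example, not OpenLiteSpeed code. Pre-flight check to run before
# (re)starting the server when a template's SSL paths use $VH_DOMAIN.

# missing_certs LIVE_DIR DOMAIN...   (hypothetical helper name)
# Prints one line per problem and returns 1 if any member domain lacks
# a non-empty, readable privkey.pem or fullchain.pem; returns 0 otherwise.
missing_certs() {
    live_dir=$1
    shift
    rc=0
    for domain in "$@"; do
        # Refuse names that could escape LIVE_DIR when used as a path part.
        case $domain in
            ''|*/*|*..*)
                printf '%s: not a valid domain name\n' "$domain"
                rc=1
                continue
                ;;
        esac
        for f in privkey.pem fullchain.pem; do
            path=$live_dir/$domain/$f
            if [ ! -s "$path" ] || [ ! -r "$path" ]; then
                printf '%s: missing %s\n' "$domain" "$path"
                rc=1
            fi
        done
    done
    return "$rc"
}

# Usage: sh check_certs.sh /etc/letsencrypt/live my.domain.com other.example
if [ "$#" -ge 2 ]; then
    missing_certs "$@"
fi
```

Domains it reports are the ones that need either a certificate or a move to an HTTP-only template, the two options listed in the post above.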

aisonet

Feb 26, 2017, 9:31:51 PM
to openlitespee...@googlegroups.com
Can you provide examples of your virtual host template and main httpd_config.conf?

I have OpenLiteSpeed v1.4.24-2 with SNI and multiple domains with SSL working without issue as regular virtual hosts and listener mapping. But once I switch to a virtual host template configuration, it seems like it will only load the listener SSL cert and not use SNI to go down into the virtual host vhconf.conf file and get the related virtual host SSL cert files to be used. OpenLiteSpeed accepts the config and makes the listener green and virtual hosts green, but the domains just don't pull their SSL certs. What am I doing wrong?