Apache Vhost Sequence
Apache default vhost

Find the sequence in which Apache serves its list of virtual hosts

Recently I was stuck in a situation where a vulnerability scan was failing due to an expired SSL certificate. The failing SSL certificate did not belong to any VirtualHost, which means that some vhost had mistakenly been set up with the wrong SSL certificate, one that did not belong to it. The server had 100s of Apache virtual hosts.

When there are multiple vhosts, Apache follows a sequence: it first serves the vhosts whose names start with digits, then those whose names start with letters, in alphabetical order.

In my case neither was working, so I had to search them one by one, which was a lengthy process. Luckily I found the command:


    root@server:/home/user# apache2ctl -S
    VirtualHost configuration:
    *:80                         is a NameVirtualHost
             default server FIRSTDOMAIN.COM (/etc/apache2/sites-enabled/FIRSTDOMAIN.COM.conf:1)
             port 80 namevhost FIRSTDOMAIN.COM (/etc/apache2/sites-enabled/FIRSTDOMAIN.COM.conf:1)
             port 80 namevhost SECONDDOMAIN.com (/etc/apache2/sites-enabled/SECONDDOMAIN.conf:1)
                     alias www.SECONDDOMAIN.com
    *:443                       is a NameVirtualHost
             default server FIRSTDOMAIN.com (/etc/apache2/sites-enabled/FIRSTDOMAIN.com.conf:35)
             port 443 namevhost FIRSTDOMAIN.com (/etc/apache2/sites-enabled/FIRSTDOMAIN.com.conf:35)
                     alias www.FIRSTDOMAIN.com
             port 443 namevhost SECONDDOMAIN.com (/etc/apache2/sites-enabled/SECONDDOMAIN.com.conf:35)
                     alias www.SECONDDOMAIN.com


The output will be in the above format. It first lists the default vhost being served on port 80, then all vhosts being served on that port, in naming sequence. Each entry also shows the configuration file and line number where that vhost is defined.

Next it shows the vhosts being served on port 443, in the same sequence as explained above.
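On a server with hundreds of vhosts, the `apache2ctl -S` listing can be parsed to get the config file and line of every port 443 vhost, which is where to look for the certificate directive. This is an added example, not code from the original post; the function names are hypothetical and it handles only the name-based listing format shown above.

```python
import re
# Sample copied from the listing above; the indentation is constructed.
SAMPLE = """\
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server FIRSTDOMAIN.COM (/etc/apache2/sites-enabled/FIRSTDOMAIN.COM.conf:1)
         port 80 namevhost FIRSTDOMAIN.COM (/etc/apache2/sites-enabled/FIRSTDOMAIN.COM.conf:1)
         port 80 namevhost SECONDDOMAIN.com (/etc/apache2/sites-enabled/SECONDDOMAIN.conf:1)
                 alias www.SECONDDOMAIN.com
*:443                  is a NameVirtualHost
         default server FIRSTDOMAIN.com (/etc/apache2/sites-enabled/FIRSTDOMAIN.com.conf:35)
         port 443 namevhost FIRSTDOMAIN.com (/etc/apache2/sites-enabled/FIRSTDOMAIN.com.conf:35)
                 alias www.FIRSTDOMAIN.com
         port 443 namevhost SECONDDOMAIN.com (/etc/apache2/sites-enabled/SECONDDOMAIN.com.conf:35)
                 alias www.SECONDDOMAIN.com
"""

LISTENER = re.compile(r"^(\S+:\d+)\s+is a NameVirtualHost")
DEFAULT = re.compile(r"^default server (\S+)")
VHOST = re.compile(r"^port (\d+) namevhost (\S+) \((.+):(\d+)\)")
ALIAS = re.compile(r"^alias (\S+)")

def parse_vhost_dump(text):
    """Return {listener: {"default": name, "vhosts": [...]}} in listed order."""
    # 'current' starts as a throwaway record until the first listener line.
    listeners, current = {}, {"default": None, "vhosts": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := LISTENER.match(line):
            current = listeners.setdefault(m.group(1), {"default": None, "vhosts": []})
        elif m := DEFAULT.match(line):
            current["default"] = m.group(1)
        elif m := VHOST.match(line):
            current["vhosts"].append({"name": m.group(2), "conf": m.group(3),
                                      "line": int(m.group(4)), "aliases": []})
        elif (m := ALIAS.match(line)) and current["vhosts"]:
            current["vhosts"][-1]["aliases"].append(m.group(1))
    return listeners

def tls_vhost_locations(text, port="443"):
    """Name, config file and line of every vhost on the given port, default first."""
    out = []
    for listener, info in parse_vhost_dump(text).items():
        if listener.rsplit(":", 1)[1] == port:
            out += [(v["name"], v["conf"], v["line"]) for v in info["vhosts"]]
    return out

if __name__ == "__main__":
    for name, conf, line in tls_vhost_locations(SAMPLE):
        print(f"{name}: check SSLCertificateFile near {conf}:{line}")
```

On a live server, pass the captured output of `apache2ctl -S` to `tls_vhost_locations` instead of `SAMPLE`.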

Hope this will help with troubleshooting.
