Apache error: _default_ virtualhost overlap on port 443
To resolve the issue on a Debian/Ubuntu system modify the /etc/apache2/ports.conf
settings file by adding NameVirtualHost *:443
to it. My ports.conf
is the following at the moment:
# /etc/apache/ports.conf# If you just change the port or add more ports here, you will likely also# have to change the VirtualHost statement in# /etc/apache2/sites-enabled/000-default# This is also true if you have upgraded from before 2.2.9-3 (i.e. from# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and# README.Debian.gzNameVirtualHost *:80Listen 80<IfModule mod_ssl.c> # If you add NameVirtualHost *:443 here, you will also have to change # the VirtualHost statement in /etc/apache2/sites-available/default-ssl # to <VirtualHost *:443> # Server Name Indication for SSL named virtual hosts is currently not # supported by MSIE on Windows XP. NameVirtualHost *:443 Listen 443</IfModule><IfModule mod_gnutls.c> NameVirtualHost *:443 Listen 443</IfModule>
Furthermore ensure that 'sites-available/default-ssl' is not enabled, type a2dissite default-ssl
to disable the site. While you're at it type a2dissite
by itself to get a list and see if there is any other site settings that you have enabled that might be mapping onto port 443.
On a vanilla Apache2 install in CentOS, when you install mod_ssl it will automatically add a configuration file in:
{apache_dir}/conf.d/ssl.conf
This configuration file contains a default virtual host definition for port 443, named default:443. If you also have your own virtual host definition for 443 (i.e. in httpd.conf) then you will have a confict. Since the conf.d files are included first, they will win over yours.
To solve the conflict you can either remove the virtual host definition from conf.d/ssl.conf
or update it to your own settings.
It is highly unlikely that adding NameVirtualHost *:443
is the right solution, because there are a limited number of situations in which it is possible to support name-based virtual hosts over SSL. Read this and this for some details (there may be better docs out there; these were just ones I found that discuss the issue in detail).
If you're running a relatively stock Apache configuration, you probably have this somewhere:
<VirtualHost _default_:443>
Your best bet is to either:
- Place your additional SSL configuration into this existing
VirtualHost
container, or - Comment out this entire
VirtualHost
block and create a new one. Don't forget to include all the relevant SSL options.