Server aliases with apache server feature offer to specify a different IP address than their parent server at creation time, but the different IP is not configured

Title says it all :-) :

Server aliases with apache server feature offer to specify a different IP address than their parent server at creation time, but the different IP is not configured

No rush, just saw it on my way while trying to find a way to have multiple domains included in Let's Encrypt SSL certificates for postfix SMTP servers serving multiple domains on different IP addresses. Will open a different feature-suggestion ticket once I have figured out what's my best way for multi-domain Let's Encrypt certs.

Status: 
Active

Comments

When you say the IP isn't configured, do you mean it isn't used in DNS, the Apache config, or somewhere else?

It hasn't been configured in the Apache config (that was the actual bug), and thus the alias has the same IP as the parent server, even though at alias creation a different IP address has been given.

Parent server had a dedicated IP address, and the IP address given for the alias was the main IP address of the computer's Internet connection.

That main server had just Apache and SSL services enabled (no DNS, no mail, no Webmin login, as DNS was handled on another server).

Ok, I'll look into this and see if there's a way it can be handled better. Aliases on different IPs aren't well supported (or recommended) in Virtualmin currently.

Maybe just removing the IP address config option for aliases creation is then best ?

I wasn't expecting this to be even easily possible. In the end I didn't need it.

Actually, in my case, it had only to do with being able to get the http access to the token for Let's Encrypt. And that is actually only needed for creating the cert. As I understand, it is not needed anymore for autorenewals. Correct ? (in that case, there is imho no reason to keep those .well-known folders once the cert is created... it just triggers intrusion/changes-detection tools (e.g. in Owncloud).

The renewal process for Let's Encrypt is the same as the process for issuing (as far as I know). So the .well-known folder still has to be accessible.