[EDIT]
QUICK SUMMARY AFTER READING APACHE'S VHOST DOCS REAL QUICK:

So the root of the issue is that some sites are getting an IP, and others are just getting *. According to apache's docs, IP-matching comes FIRST, so the sections of the sites that don't get assigned IPs get ignored in favor of the default (first) IP-assigned site, and since the ServerAlias doesn't match, install.php is returned.

So the big question, now, is:
Why do some sites get an IP while others get the wildcard?

Reference, from apache's docs:
The default name-based vhost for an IP and port combination
If no matching ServerName or ServerAlias is found in the set of virtual hosts containing the most specific matching IP address and port combination, then the first listed virtual host that matches that will be used.

[/EDIT]

Hi.

I don't have much info yet, unfortunately, but hopefully with some help on IRC as to where to look I can be more helpful on this issue. For now, I can just give some details on my setup. I'll include everything I can think of, but bold what's relevant to this particular issue:

SSL certs:
wildcard-mysite.com <- wildcard cert with mysite.com and *.mysite.com as SANs

Web servers:
aeg (aegir obviously :P)
web1 (apache_ssl)
web2 (apache_ssl)
cluster (cluster - web1 and web2) <- not using because of #2613716: Cluster SSL not working for 2 apache-ssl servers

DB servers:
localhost (shocker, I know)
sqlmaster

Platforms:
Hostmaster (aeg)
Openatrium (aeg)
aeg-platform-dev20151109a (aeg)
cluster-platform-prod20151109a (cluster) <- not using because of #2613716: Cluster SSL not working for 2 apache-ssl servers
web1-platform-prod20151109a (web1)

Sites:
aeg (hostmaster / localhost / wildcard-mysite.com) <- Assigned public IP in alias file. SSL works perfectly.
cases (Openatrium / localhost / wildcard-mysite.com) <- Assigned public IP in alias file. SSL works perfectly.
dev-old (aeg-platform-dev20151109a / localhost / wildcard-mysite.com) <- Assigned public IP in alias file. SSL works perfectly.
dev-new (aeg-platform-dev20151109a / localhost / wildcard-mysite.com) <- No public IP in alias file. vhosts using *:443. SSL goes to "openatrium" install.php

So I'm not sure why the other three sites have SSL working, but new ones don't. The strange thing is that the vhosts file looks okay on the new site - just that the VirtualHost IP is *. I'm not sure why the other site's vhost is "winning".

I even re-verified one of the other sites, and it was still okay. Another thing that might be relevant - I have been using this same certificate across other servers and even the cluster (unsuccessfully on the cluster). I deleted a site on the other server pretty recently, so this may be related to that.

Thanks!

Comments

captainack created an issue. See original summary.

captainack’s picture

captainack CreditAttribution: captainack commented
Issue summary: View changes
captainack’s picture

captainack CreditAttribution: captainack commented
Issue summary: View changes

Since SNI is the suggested way to go, this issue is now obsolete. After switching removing all assigned IPs on servers and switching entirely to SNI, issue is resolved.

gboudrias’s picture

gboudrias CreditAttribution: gboudrias at Praxis Labs Coop commented
Status: Active » Closed (works as designed)
ergonlogic’s picture

ergonlogic
he/him
Primary language English
Location Montréal, Québec 🇨🇦
CreditAttribution: ergonlogic commented

Unfortunately, we still have IP address fields and such, which will lead people into this kind of failure. Maybe we need a cleanup issue to remove those fields?