I have a vServer with a domain (from Strato) running on Apache2. My only running site has the following vHost:
<IfModule mod_ssl.c>
<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
SSLCertificateFile /etc/letsencrypt/live/example.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.de/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
ServerName www.example.de
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
</IfModule>
and the following apache2ctl -S:
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using xxx:xxx:xxx:xxxx::x. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443 is a NameVirtualHost
default server www.example.de (/etc/apache2/sites-enabled/vps.conf:2)
port 443 namevhost www.example.de (/etc/apache2/sites-enabled/vps.conf:2)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
After all I read, I should not be able to reach my server under www.example.com, because I never configured my DNS entry to match that subdomain. I only have the entry example.de with the IPs set accordingly. But I do want to reach my server under www, so I changed ServerName to www.example.com. Funny thing is that I'm able to reach my server under www.example.com AND example.com, and there is no certificate error.
This is something I don't understand, but I'm willing to understand, because it bothers me.
FYI: The server is running owncloud.
Thanks!
The key here is "default server". Apache always has a "default server" ... which will accept connections for any site where the hostname doesn't match anything defined.
In this case, as your logs correctly show:
default server www.example.de (/etc/apache2/sites-enabled/vps.conf:2)
www.example.de is your default site, and any un-matched hostnames will be sent to that site.
I generally recommend to people to set up a standard "404" site for the default site to tell people that they did not reach the correct site... and then make sure your proper domains are properly defined.
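Added example, not part of the original answer: one way to lay out the catch-all default site the answer recommends, next to the explicitly named site from the question. The file name 000-catchall.conf, the placeholder name catchall.invalid, the Debian/Ubuntu "snakeoil" certificate paths, the separate log file names and the ServerAlias line are assumptions; the remaining paths are taken from the question.

```apache
# /etc/apache2/sites-enabled/000-catchall.conf  (hypothetical file name)
# Files are read in alphabetical order and the first vhost for *:443 becomes
# the "default server", so this one catches every unmatched hostname.
<IfModule mod_ssl.c>
<VirtualHost *:443>
    # Placeholder name that no legitimate client will request.
    ServerName catchall.invalid

    # Assumption: self-signed pair shipped by the Debian/Ubuntu ssl-cert
    # package. Unmatched hostnames get a certificate warning instead of
    # the real site's certificate.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

    # Answer every path with 404 rather than serving content (mod_alias).
    Redirect 404 /

    # Separate logs make requests for unexpected hostnames easy to review.
    ErrorLog ${APACHE_LOG_DIR}/catchall_error.log
    CustomLog ${APACHE_LOG_DIR}/catchall_access.log combined
</VirtualHost>
</IfModule>

# /etc/apache2/sites-enabled/vps.conf
# The real site: only requests whose hostname matches ServerName or
# ServerAlias are routed here.
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName www.example.de
    # Assumption: the bare domain should reach the same site.
    ServerAlias example.de

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLCertificateFile /etc/letsencrypt/live/example.de/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.de/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
```

After a reload, `apache2ctl -S` should list catchall.invalid as the default server for *:443 and www.example.de as a separate namevhost entry.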