I'd like to get lighttpd working with UCC certificates, but I can't seem to figure out the correct syntax.
Essentially, for each IP address, I have one UCC certificate and a bunch of hostnames.
$SERVER["socket"] == "10.0.0.1:443" {
ssl.engine = "enable"
ssl.ca-file = "/etc/ssl/certs/the.ca.cert.pem"
ssl.pemfile = "/etc/ssl/private/websitegroup1.com.pem"
$HTTP["host"] =~ "mywebsite.com" {
server.document-root = /var/www/mywebsite.com/htdocs"
}
The above code works fine for one hostname, but as soon as I try to set up another hostname (note the same SSL cert):
$SERVER["socket"] == "10.0.0.1:443" {
ssl.engine = "enable"
ssl.ca-file = "/etc/ssl/certs/the.ca.cert.pem"
ssl.pemfile = "/etc/ssl/private/websitegroup1.com.pem"
$HTTP["host"] =~ "anotherwebsite.com" {
server.document-root = /var/www/anotherwebsite.com/htdocs"
}
...I get this error: Duplicate config variable in conditional 6 global/SERVERsocket==10.0.0.1:443: ssl.engine
Is there any way I can put a conditional so that only if ssl.engine
is not already enabled, enable it? Or do I have to put all my $HTTP["host"]s inside the same $SERVER["socket"] (which will make config file management more difficult for me) or is there some entirely different way to do it?
This has to be repeated for multiple IPs too (so I'll have a bunch of SERVER["socket"] == 10.0.0.2:443"
etc), each with one UCC cert and many hostnames.
Am I going about this the wrong way entirely? My goal is to conserve IP addresses when I have many websites that are related and can share an SSL certificate, but still need their own SSL-accessible version from the appropriate hostname (instead of a single secure.mywebsite.com).