This blog will cover how to have 2 SSL (HTTPS) websites configured and running smoothly on the same Apache2 web server (which aint easy!).

First of all, ensure you have your two websites created already (/var/www/site1 and /var/www/site2, for example). Also, ensure you have your DNS setup for those two websites to point to the same server, i.e.

site1 IN A

site2 IN A

(Where is the external IP of my router, and I have port forwarding sending all TCP443 traffic to the internal IP of (for example)).

Firstly, once Apache2 is installed, navigate to /etc/apache2/sites-available and create two files, ‘site1.conf’ and ‘site2.conf’ as below:

touch site1.conf
touch site2.conf

These are the two config files for your websites. Within each of these files, you will need to tell Apache2 where your actual website is (i.e. /var/www/site1 and /var/www/site2). So lets crack open site1 and populate it:

ServerAdmin [email protected]
DocumentRoot /var/www/site1
ServerAlias *
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

This is a very simple apache config that tells Apache we have created a virtualhost, listening on any IP that box has, for traffic on port 443. We tell Apache what our website domain is ( and where to go when that domain is hit (/var/www/site1). Do the same for site2, but change the names from ‘site1..’ to ‘site2..’ and your done.

Next, we need to generate the SSL certificates.


I use for my certificates, as it is completely free and is very simple to use. I am not going to go through the ins and outs of signing up (as i cant remember myself!) however there is a great guide that covers it here (Start reading from: “Verify Your Domain Name with StartSSL”) and stop once your website is verified.

Now, this is VERY IMPORTANT. You cannot generate your certificates with until you have first generated your keys on the server on which you will be hosting your website(s).

So, lets generate the keys!

Firstly, navigate to /etc/apache2/ssl and create two directories – / and /

cd /etc/apache2/ssl

Next, navigate into the first directory:


Now lets go ahead and create our keys, and then create our CSR which we will then use to generate our startssl certificate. Note, after running the first command you will be prompted for some information – please ensure the FQDN of your domain is correct (i.e. it is if thats the name you’ll be adding in, etc):

openssl genrsa -out site1ehertz.key 2048
openssl req -new -key site1ehertz.key -out site1ehertz.csr

Next, lets go to the site2 folder in /ssl and do the same:

cd ../
openssl genrsa -out site2ehertz.key 2048
openssl req -new -key site2ehertz.key -out site2ehertz.csr

We now have the two .csrs required to create certificates on Once logged into, navigate to ‘Certificates Wizard’ and choose ‘Web Server SSL/TLS Certificate’:

Next, enter the domain in the ‘Domain:’ field. This should be the same domain you entered in the apache config file and also the same domain you entered when creating your keys a few minutes ago (i.e.

Now, go back to the command line and navigate to /etc/apache2/ssl/ and copy the contents of the site1ehertz.csr file:

cd /etc/apache2/ssl/
cat site1ehertz.csr

Copy the output, and then paste it into the ‘Please submit your Certificate Signing Request (CSR):’ box on

On clicking submit, your certicate will be generated and become available to download as a zip file via the ‘SSL/TLS Server’ column on the right hand side (simply click on the domain name):

Screenshot 2015-12-23 10.58.24

Once downloaded, unzip the file and then unzip the ‘Apache’ file also. This will give you two files:

  • 1_root_bundle.crt

Copy the ‘’ file to the /etc/apache2/ssl/ folder (you will likely need to scp the file to the server first, then copy it).

Once the file is in there, you should be able to see three files:

ls -la /etc/apache2/ssl/
total 1MB
-rw-r--r-- 1 root root 1MB Dec 23 09:38 site1ehertz.key
-rw-r--r-- 1 root root 1MB Dec 23 09:39 site1ehertz.csr
drwxr-xr-x 2 root root 1MB Dec 23 10:03 .
drwxr-xr-x 4 root root 1MB Dec 23 10:53 ..
-rw-r--r-- 1 root root 1MB Dec 23 2015

Do this exact process for, and you will now have two valid certificates and two valid keys in each folder (1 per folder…). There is one final file we need to download before we can configure Apache.

Simply go to the directory above (/etc/apache2/ssl/) and download the ca.pem file from startssl:

cd /etc/apache2/ssl

And thats it! Now, lets configure Apache2.

Now, we have only one thing left to do – configure the actual apache configs for our two websites.

cd /etc/apache2/sites-available
nano site1.conf

Within site1.conf, remove the config and add  the following config:

ServerAlias *
#StartSSL config below
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
 SSLCertificateFile /etc/apache2/ssl/
 SSLCertificateKeyFile /etc/apache2/ssl/
 SSLCertificateChainFile /etc/apache2/ssl/
#### End of SSL Configuration ####
DocumentRoot /var/www/site1/

 Options Indexes FollowSymLinks MultiViews
 AllowOverride All
 Require all granted

Do the same for site2.conf (changing ‘site1.’ to ‘site2.’ wherever mentioned) and voila, you now have two SSL enabled websites.

Next, ensure you’ve enabled both site1 and site2 by running

a2ensite site1.conf
a2ensite site2.conf

Run ‘apachectl configtest’ to test your configs (all should be fine), and then bounce apache2 one final time using ‘service apache2 reload’ and voila – you now have 2, SSL enabled virtualhosts on the same server.