Create a VM with ansible and configure a DNS
Make Az DNS:
public-ip12 | Configuration
Choose the same as the VM name
Follow this guide up to step 3
WordPress HTTPS (self-signed) and WP API
Use this in the certificate as CN
vm-uksqa13.uksouth.cloudapp.azure.com
Up to step http
http://20.77.73.218 = Apache2 Default Page
http://vm-uksqa13.uksouth.cloudapp.azure.com/ = Apache2 Default Page
openssl cn
Common Name (e.g. server FQDN or YOUR name) []:vm-uksqa13.uksouth.cloudapp.azure.com
sudo nano /etc/apache2/sites-available/testssl.conf
<VirtualHost *:80>
ServerAdmin admin@example.com
DocumentRoot /var/www/test
ServerName 20.77.73.218
ServerAlias vm-uksqa13.uksouth.cloudapp.azure.com
<Directory /var/www/test/>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerName 20.77.73.218
ServerAlias vm-uksqa13.uksouth.cloudapp.azure.com
DocumentRoot /var/www/test
SSLEngine on
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
</VirtualHost>
sudo a2ensite testssl.conf
sudo apache2ctl configtest
sudo systemctl reload apache2
sudo service apache2 status
# this is what we have now
ls
000-default.conf default-ssl.conf testssl.conf
# Now none are using the certificate.
Must make new .conf with ip
sudo nano /etc/apache2/sites-available/20.77.73.218.conf
sudo a2ensite 20.77.73.218.conf
sudo a2dissite testssl.conf
sudo a2enmod rewrite
sudo apache2ctl configtest
sudo systemctl restart apache2
sudo systemctl enable apache2
sudo service apache2 status
http://20.77.73.218
http://vm-uksqa13.uksouth.cloudapp.azure.com/
Does not work with Public IP DNS (vm-uksqa13.uksouth.cloudapp.azure.com) as CN on certificate.
# Make CN with IP
# Keep same apache vhost config
# Remove current cert and run
sudo rm /etc/ssl/private/apache-selfsigned.key
sudo rm /etc/ssl/certs/apache-selfsigned.crt
sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt
Common Name (e.g. server FQDN or YOUR name) []:20.77.73.218
sudo systemctl restart apache2
Yes, now cert is loaded
This DNS works now as server alias.