Developer Note

Replace all instances of ayotteconsulting.com with your domain

Set Up Dual Domain on 1 Server

Current Status: Only one domain (AyotteConsulting-Production) is configured

Minor Notes:

Initial Setup

ssh-keygen -R 3.148.89.12  # Clear old SSH cache if needed
ssh ubuntu@3.148.89.12     # Replace with actual IP of new server

Server Configuration

1. System Updates

sudo apt update
sudo apt upgrade -y
sudo apt autoremove --purge -y
sudo reboot

2. Apache Installation

sudo apt install apache2 -y

3. Directory Setup

sudo mkdir -p /var/www/ayotteconsulting.com
sudo chown -R ubuntu:www-data /var/www/ayotteconsulting.com
sudo chmod -R 755 /var/www/ayotteconsulting.com

4. Create Test Page

Create file: sudo nano /var/www/ayotteconsulting.com/index.html

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Ayotte Consulting - Test Page</title>
</head>
<body>
    <h1>Ayotte Consulting Test Page</h1>
    <p>If you see this page, the server is working!</p>
</body>
</html>

5. Apache Configuration

Create file: sudo nano /etc/apache2/sites-available/ayotteconsulting.com.conf

<VirtualHost *:80>
    ServerName ayotteconsulting.com
    ServerAlias www.ayotteconsulting.com
    DocumentRoot /var/www/ayotteconsulting.com

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

6. Enable Site and Modules

sudo a2ensite ayotteconsulting.com.conf
sudo a2dissite 000-default.conf
sudo a2enmod headers
sudo systemctl reload apache2

7. Validate HTTP Works (Test in Browser)

Go to: http://[your IP] or http://ayotteconsulting.com

You should see your test page.

8. Install Certbot + SSL Cert

sudo apt install certbot python3-certbot-apache -y
sudo certbot --apache -d ayotteconsulting.com -d www.ayotteconsulting.com
sudo certbot renew --dry-run

Certbot will:

9. Confirm SSL Works

Go to: https://ayotteconsulting.com

Cert should be valid. Site should load.

10. Optional: Harden HTTPS Config (Headers, HSTS)

Edit:

sudo nano /etc/apache2/sites-available/000-ayotteconsulting-le-ssl.conf

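Replace the entire configuration block with the following. The Header directives depend on the headers module enabled in step 6. In the Strict-Transport-Security line, includeSubDomains extends the policy to every subdomain and preload signals consent to inclusion in browser preload lists, which is slow to undo, so confirm every subdomain serves HTTPS first.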

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName ayotteconsulting.com
    ServerAlias www.ayotteconsulting.com
    DocumentRoot /var/www/ayotteconsulting.com

    # SSL Configuration
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/ayotteconsulting.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/ayotteconsulting.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

    # Security Headers
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-Content-Type-Options "nosniff"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    Header always set Permissions-Policy "geolocation=(), microphone=()"
    Header always set Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https://*; font-src 'self' https://*; connect-src 'self'; object-src 'none';"
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
</IfModule>

Then check the configuration syntax and reload Apache:

sudo apachectl configtest
sudo systemctl reload apache2

11. Enable the SSL Site

sudo a2ensite 000-ayotteconsulting-le-ssl.conf

12. Disable the HTTP Default Site

sudo a2dissite 000-default.conf

13. Reload Apache

sudo systemctl reload apache2

14. Verify SSL is Working

Now, test https://ayotteconsulting.com in your browser to confirm that SSL is properly set up, and that the security headers are working as expected.
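
One way to check the headers from the command line instead of reading them in the browser. This is an added example, not part of the original note: the function name audit_headers and the sample response are constructed for illustration, and the checks mirror the headers set in step 10.

```shell
#!/bin/sh
# Added example, not part of the original note. Audits HTTP response headers
# read from stdin against the six headers configured in step 10.
# Prints one line per finding; returns 0 only when every check passes.
MIN_HSTS_AGE=63072000   # max-age value used in step 10

audit_headers() {
    resp=$(tr -d '\r')   # header lines arrive with CRLF endings
    rc=0
    # Every value sent for one header. Names are case-insensitive
    # (HTTP/2 responses show them in lowercase).
    hdr() { printf '%s\n' "$resp" | grep -i "^$1:" | cut -d: -f2- | sed 's/^ *//'; }
    for name in X-Frame-Options X-Content-Type-Options Referrer-Policy \
                Permissions-Policy Content-Security-Policy Strict-Transport-Security; do
        count=$(hdr "$name" | grep -c . || true)
        [ "$count" -ge 1 ] || { echo "MISSING $name"; rc=1; }
        # A header sent twice can mean it is set in more than one config file.
        [ "$count" -le 1 ] || { echo "DUPLICATE $name ($count)"; rc=1; }
    done
    max_age=$(hdr Strict-Transport-Security | head -n 1 | tr 'A-Z' 'a-z' |
              sed -n 's/.*max-age=\([0-9][0-9]*\).*/\1/p')
    if [ -n "$(hdr Strict-Transport-Security)" ] && [ "${max_age:-0}" -lt "$MIN_HSTS_AGE" ]; then
        echo "WEAK Strict-Transport-Security max-age=${max_age:-0}"; rc=1
    fi
    nosniff=$(hdr X-Content-Type-Options | head -n 1)
    [ -z "$nosniff" ] || [ "$nosniff" = "nosniff" ] || { echo "BAD X-Content-Type-Options: $nosniff"; rc=1; }
    return "$rc"
}

# Constructed sample response (not captured from a real server):
# HSTS is absent and the CSP header is sent twice.
SAMPLE="HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=(), microphone=()
Content-Security-Policy: default-src 'self'
Content-Security-Policy: default-src 'self'"

printf '%s\n' "$SAMPLE" | audit_headers || true
# Against the live site: curl -sSI https://ayotteconsulting.com | audit_headers
```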

15. HTTP Observatory

Run a security scan and see an A+ rating (Fingers Crossed)

Visit: Mozilla Observatory to test your site's security configuration.