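# HTTPS listener and global mod_ssl settings shared by every TLS virtual host.
Listen 443

SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/run/httpd/sslcache(1024000)"
SSLSessionCacheTimeout 3600
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
SSLStrictSNIVHostCheck off

# Only TLS 1.2 and TLS 1.3 are offered; every older protocol is switched off
# by the leading "-all".
SSLProtocol -all +TLSv1.2 +TLSv1.3

# TLS 1.3 suites are configured through the separate "TLSv1.3" form of
# SSLCipherSuite. Listed inside the default (TLS 1.2 and below) cipher string
# they do not set the TLS 1.3 selection, so they are given their own directive
# here, in the same preference order as before.
SSLCipherSuite TLSv1.3 "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"

# TLS 1.2 suites, strongest first (AEAD/GCM before CBC, ECDHE before DHE).
# EDH-RSA-DES-CBC3-SHA (3DES, 64-bit block cipher, exposed to Sweet32-style
# birthday attacks) has been dropped from the end of the list; a client that
# can negotiate TLS 1.2 is expected to support one of the AES suites.
# NOTE(review): the CBC-mode suites (*-SHA, *-SHA256, *-SHA384) are kept only
# for legacy TLS 1.2 clients; remove them if the access logs show no client
# still needs them.
SSLCipherSuite "ECDHE-ECDSA-AES128-GCM-SHA256 \
 ECDHE-ECDSA-AES256-GCM-SHA384 \
 ECDHE-ECDSA-AES128-SHA \
 ECDHE-ECDSA-AES256-SHA \
 ECDHE-ECDSA-AES128-SHA256 \
 ECDHE-ECDSA-AES256-SHA384 \
 ECDHE-RSA-AES128-GCM-SHA256 \
 ECDHE-RSA-AES256-GCM-SHA384 \
 ECDHE-RSA-AES128-SHA \
 ECDHE-RSA-AES256-SHA \
 ECDHE-RSA-AES128-SHA256 \
 ECDHE-RSA-AES256-SHA384 \
 DHE-RSA-AES128-GCM-SHA256 \
 DHE-RSA-AES256-GCM-SHA384 \
 DHE-RSA-AES128-SHA \
 DHE-RSA-AES256-SHA \
 DHE-RSA-AES128-SHA256 \
 DHE-RSA-AES256-SHA256"

# The server's order above wins over the client's preference.
SSLHonorCipherOrder on
# TLS-level compression stays off (CRIME-class compression side channels).
SSLCompression off

# OCSP stapling: the server fetches and caches the OCSP response itself.
SSLUseStapling On
SSLStaplingCache shmcb:/run/httpd/stapling_cache(128000)

# NOTE(review): the listing shows two per-host sections (separate ServerName,
# DocumentRoot and certificate paths) but no container tags; they look lost in
# extraction. Without containers the second section would simply override the
# first at server level. "*:443" is assumed from "Listen 443" - confirm the
# address against the deployed file.

############# MAINHOST.COM ################
<VirtualHost *:443>
    ServerName www.mainhost.com
    ServerAlias mainhost.com
    DocumentRoot "/usr/local/apache2/htdocs"
    AddDefaultCharset UTF-8

    Protocols h2 http/1.1

    # Compress responses, except image types that are already compressed.
    SetOutputFilter BROTLI_COMPRESS;DEFLATE
    SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip no-brotli dont-vary

    SSLEngine on

    # HSTS for one year on this host name only (no includeSubDomains);
    # "always" also attaches the header to error responses.
    Header always set Strict-Transport-Security "max-age=31536000"

    #SSLCertificateFile /etc/pki/tls/certs/server.crt
    #SSLCertificateKeyFile /etc/pki/tls/private/server.key

    #Let's encrypt(wildcard)
    # The private key file must stay readable by root only.
    SSLCertificateFile /etc/letsencrypt/live/mainhost.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/mainhost.com/privkey.pem
    #Include /etc/letsencrypt/options-ssl-apache.conf
    # NOTE(review): SSLCertificateChainFile is deprecated since httpd 2.4.8;
    # the intermediates can be appended to the file named by
    # SSLCertificateFile instead.
    SSLCertificateChainFile /etc/letsencrypt/live/mainhost.com/chain.pem

    # NOTE(review): both hosts write to the same two log files, and the stock
    # "combined" format does not record the virtual host; per-host files (or a
    # format with %v) make incident triage easier.
    ErrorLog "logs/https-error_log"
    CustomLog "logs/https-access_log" combined
</VirtualHost>

############# EXAMPLE.COM ################
<VirtualHost *:443>
    ServerName www.example.com
    ServerAlias example.com
    DocumentRoot "/usr/local/apache2/htdocs/example.com"
    AddDefaultCharset UTF-8

    Protocols h2 http/1.1

    # Compress responses, except image types that are already compressed.
    SetOutputFilter BROTLI_COMPRESS;DEFLATE
    SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip no-brotli dont-vary

    SSLEngine on

    # HSTS for one year on this host name only (no includeSubDomains).
    Header always set Strict-Transport-Security "max-age=31536000"

    #SSLCertificateFile /etc/pki/tls/certs/server.crt
    #SSLCertificateKeyFile /etc/pki/tls/private/server.key

    #Let's encrypt
    # The private key file must stay readable by root only.
    SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    #Include /etc/letsencrypt/options-ssl-apache.conf
    # NOTE(review): SSLCertificateChainFile is deprecated since httpd 2.4.8;
    # the intermediates can be appended to the file named by
    # SSLCertificateFile instead.
    SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem

    ErrorLog "logs/https-error_log"
    CustomLog "logs/https-access_log" combined
</VirtualHost>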