I get this error when trying to start Apache.

_default_ virtualhost overlap on port 443

I'm trying to set up SSL. Almost every solution online says add:

NameVirtualHost *:443

to the conf file but Apache still fails to start and just says

Action start failed. the apache logs may have more information

There is zero information in the Apache logs.

  • Which logs are you checking? If you're on a Linux system, run netstat –lp --inet to see if some process is already running and using port 443.
    – Ansari
    Commented May 18, 2012 at 19:23
  • nope nothing else is using port 443. the problem is the conflict between my settings for <VirtualHost default:443> and <VirtualHost *:443>....
    – Mark
    Commented May 21, 2012 at 17:29
  • Note: I had put the NameVirtualHost bit inside an <IfModule mod_ssl.c> section - seemed sensible - but it must be outside that. Commented Jan 24, 2014 at 11:02
  • In 2.3.11 and later, any time an IP address and port combination is used in multiple virtual hosts, name-based virtual hosting is automatically enabled for that address.
    – ILMostro_7
    Commented Feb 4, 2014 at 11:02

To resolve the issue on a Debian/Ubuntu system modify the /etc/apache2/ports.conf settings file by adding NameVirtualHost *:443 to it. My ports.conf is the following at the moment:

# /etc/apache/ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz

NameVirtualHost *:80
Listen 80

<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.

    NameVirtualHost *:443

    Listen 443

<IfModule mod_gnutls.c>
    NameVirtualHost *:443
    Listen 443

Furthermore ensure that 'sites-available/default-ssl' is not enabled, type a2dissite default-ssl to disable the site. While you're at it type a2dissite by itself to get a list and see if there is any other site settings that you have enabled that might be mapping onto port 443.

  • 1
    HI @MUYBelgium, that means there is another vhost that maps onto 443 port. Take a look in /etc/apache/sites-enabled/ or on Debian/Ubuntu disable all sites with a2dissite and enable them back one by one with a2ensite until error appears; hope this helps. Commented Sep 29, 2012 at 4:50
  • 1
    Yeah... I had same issue. Had to update ports.conf AND sites-avaialble/default-ssl (to replace default with *) THEN I could enable my other virtual hosts with SSL. Should edit your answer to include this additional information.
    – WernerCD
    Commented Oct 8, 2012 at 22:05
  • 6
    Thank you very much, adding NameVirtualHost *:443 fixed the problem! Users, please note that in modern Debian/Ubuntu with Apache2 the file is /etc/apache2/ports.conf Commented Jan 20, 2013 at 23:23
  • 1
    that's apache2.2; In 2.3.11 and later, any time an IP address and port combination is used in multiple virtual hosts, name-based virtual hosting is automatically enabled for that address. This directive currently has no effect.
    – ILMostro_7
    Commented Feb 4, 2014 at 11:00
  • 1
    Worked for me! I had the NameVirtualHost *:80 at the top but I did not have the NameVirtualHost *:443 in either of the other 2 places. Adding it fixed my issues.
    – Mageician
    Commented Aug 29, 2014 at 14:23

On a vanilla Apache2 install in CentOS, when you install mod_ssl it will automatically add a configuration file in:


This configuration file contains a default virtual host definition for port 443, named default:443. If you also have your own virtual host definition for 443 (i.e. in httpd.conf) then you will have a confict. Since the conf.d files are included first, they will win over yours.

To solve the conflict you can either remove the virtual host definition from conf.d/ssl.conf or update it to your own settings.

  • This was was the source of the error for me on CentOS and also helped explain the warning indicating that ssl_mod could not loaded twice.
    – nedblorf
    Commented Apr 20, 2013 at 16:48
  • 3
    Thanks for this, I struggled a bit to decode your answer. Comment out everything from the line <Virtualhost default:443> to line </Virtualhost> in ssl.conf for it to work.
    – Sahil
    Commented Oct 3, 2013 at 21:45
  • That makes sense -- for a single VH. I have hundreds in httpd.conf and I want to apply SSL to them all. If I remove the default:443 in ssl.conf, I will then have to put all the commands from it into every VH definition in httpd.conf, which is going to be overkill, surely. Commented Sep 3, 2015 at 10:32
  • Thanks for this! I was banging my head over trying to figure out why my aliased location directives were not being redirected to port 443! Sho' nuff, this was the issue. Commented Oct 2, 2015 at 3:02
  • Exactly what's happening to me. Saved my day :). I endup just rename the ssl.conf file to ssl.conf-dackup Commented Oct 5, 2016 at 21:14

It is highly unlikely that adding NameVirtualHost *:443 is the right solution, because there are a limited number of situations in which it is possible to support name-based virtual hosts over SSL. Read this and this for some details (there may be better docs out there; these were just ones I found that discuss the issue in detail).

If you're running a relatively stock Apache configuration, you probably have this somewhere:

<VirtualHost _default_:443>

Your best bet is to either:

  • Place your additional SSL configuration into this existing VirtualHost container, or
  • Comment out this entire VirtualHost block and create a new one. Don't forget to include all the relevant SSL options.
  • Hey thanks for the suggestion but i still cant get apache to work. theres a default-ssl file in /etc/apache2/sites-available which contains <VirtualHost default:443> and when i create a new file in /etc/apache2/sites-available for mydomain.com and include the SSL setting for <VirtualHost *:443>, I get the default vhost overlap on port 443 error. when i just have the default-ssl with my new SSL settings, i just get an action start failed when i try to start apache with nothing in the error logs...im completely tuck:(
    – Mark
    Commented May 21, 2012 at 17:27
  • after generating the ssl again and putting <VirtualHost default:443> into the pache2.conf file, apache is starting again and ssl i sworking:)
    – Mark
    Commented May 22, 2012 at 19:30
  • 1
    "With Apache 2.2.12 and support for the SNI (Server Name Indication) extension to the SSL protocol, you can configure name-based HTTPS sites, just as you can name-based HTTP sites." (techrepublic.com/blog/opensource/…) - only old versions of Internet Explorer may give you a headache with multiple host names on one IP address when using SSL...
    – BurninLeo
    Commented Jun 14, 2013 at 13:03
  • What if I commented it out and I still get this message when I restart Apache? grep -r _default_ /etc/httpd/ only turns up the vhost I commented out. Does Apache cache config files?
    – sv_lane
    Commented Apr 8, 2015 at 19:36

I ran into this problem because I had multiple wildcard entries for the same ports. You can easily check this by executing apache2ctl -S:

# apache2ctl -S
[Wed Oct 22 18:02:18 2014] [warn] _default_ VirtualHost overlap on port 30000, the first has precedence
[Wed Oct 22 18:02:18 2014] [warn] _default_ VirtualHost overlap on port 20001, the first has precedence
VirtualHost configuration:       is a NameVirtualHost
         default server xxx.com (/etc/apache2/sites-enabled/xxx.com.conf:1)
         port 80 namevhost xxx.com (/etc/apache2/sites-enabled/xxx.com.conf:1)
         [...]      is a NameVirtualHost
         default server yyy.com (/etc/apache2/sites-enabled/yyy.com.conf:37)
         port 443 namevhost yyy.com (/etc/apache2/sites-enabled/yyy.com.conf:37)
wildcard NameVirtualHosts and _default_ servers:
*:80                   hostname.com (/etc/apache2/sites-enabled/000-default:1)
*:20001                hostname.com (/etc/apache2/sites-enabled/000-default:33)
*:30000                hostname.com (/etc/apache2/sites-enabled/000-default:57)
_default_:443          hostname.com (/etc/apache2/sites-enabled/default-ssl:2)
*:20001                hostname.com (/etc/apache2/sites-enabled/default-ssl:163)
*:30000                hostname.com (/etc/apache2/sites-enabled/default-ssl:178)
Syntax OK

Notice how at the beginning of the output are a couple of warning lines. These will indicate which ports are creating the problems (however you probably already knew that).

Next, look at the end of the output and you can see exactly which files and lines the virtualhosts are defined that are creating the problem. In the above example, port 20001 is assigned both in /etc/apache2/sites-enabled/000-default on line 33 and /etc/apache2/sites-enabled/default-ssl on line 163. Likewise *:30000 is listed in 2 places. The solution (in my case) was simply to delete one of the entries.

  • Yep, this helped a lot. I had a sample www.example.com entry on 443 causing all my other 443 virtual hosts to emit errors.
    – David Mann
    Commented Nov 4, 2014 at 20:50

