# PSChomecare & PSCtesting HTTPS (Apache SNI)

## What went wrong (not Cursor, not a “folder pointer” in the app)

- Port **80** vhosts for `pschomecare.seethruit.net` and `psctesting.seethruit.net` were already correct: each `DocumentRoot` is under `/srv/www/seethruit/.../public/`.
- The **SSL vhosts** for those two hostnames were **not enabled** in `sites-enabled/`.
- On **443**, the **default** virtual host is `10toescrown.com` (`apache2ctl -S`). Any `https://` request whose hostname had **no matching** `*:443` vhost is served with that default — so the wrong `DocumentRoot` (10toescrown) appeared. Browsers and clients default to HTTPS, so the wrong site was shown often.
- The server also has a **wildcard** `VirtualDocumentRoot` for `/srv/www/client/%0/public` (port 80) for unmatched names; that is **unrelated** to 10toescrown unless a hostname is resolved there.

## Fix

Run (once) from `/srv/www/seethruit/`:

```bash
./ENABLE_PSC_HTTPS_VHOSTS.sh
```

It installs and enables the two SSL site configs, each pointing **only** at the correct tree under `/srv/www/seethruit/`.

If `apache2ctl configtest` reports missing certificate files, issue certs first, e.g.:

```bash
sudo certbot --apache -d pschomecare.seethruit.net
sudo certbot --apache -d psctesting.seethruit.net
```

Then re-run the script (or `sudo a2ensite` the two `*-le-ssl` configs and `sudo systemctl reload apache2`).

## Verify

```bash
sudo apache2ctl -S | grep -E 'pschomecare|psctesting|default server'
```

You should see `*:443` namevhost entries for both PSC hostnames, and they should not rely on 10toescrown.