We have a server with over 300 vhosts on it. Marketing/CMS madness I guess. All on the same domain name. Many VirtualHosts are defined with *:443 and then ServerName to rely on SNI. We have a wildcard cert for the domain and all the hosts use that.

Now there is a different domain to add for SSL. For some reason the first domain name's certificate is being found. I've put the IP for our newcomer domain so we have <VirtualHost 1.1.1.1:443> but it is still finding the other cert. This IP is uniquely assigned with the different domain, as you'd expect with DNS. So it can't be an overlap of the IP used elsewhere.

Researching this problem ("wrong cert loaded for vhost"), I read that in the initial SSL connection, it is talking to the IP, and whatever values we have for ServerName have no bearing until the page is being accessed. If that's the case then it might have matched another vhost with *:443 first. I tried putting my new domain at the top of ssl.conf but it made no difference.

I'm thinking I need to edit each *:443 case and change it to the appropriate IP. That will be a lot of work, so I'm looking for affirmation that this is likely to make the difference.
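
The matching order the post asks about, as an added example that is not part of the original post: a simplified Python model of Apache httpd's documented virtual host selection (best address match first, then ServerName within that address set, otherwise the first listed vhost). The host names, certificate labels and the 10.0.0.5 address are constructed; ServerAlias and wildcard names are left out.

```python
# Simplified model of Apache httpd's documented vhost matching.
# Assumptions: no ServerAlias, no wildcard names; all names are constructed.
from dataclasses import dataclass

@dataclass
class VHost:
    addr: str         # IP given in <VirtualHost ...>, or "*"
    port: int
    server_name: str
    cert: str         # label standing in for this vhost's SSLCertificateFile

def select_vhost(vhosts, local_ip, port, sni):
    """Return the vhost whose certificate is served for this connection.

    local_ip is the address the connection arrived on as httpd sees it;
    sni is the name from the TLS ClientHello (None if the client sent none).
    """
    # Step 1: address match. Vhosts naming the exact IP beat "*" vhosts.
    exact = [v for v in vhosts if v.addr == local_ip and v.port == port]
    candidates = exact or [v for v in vhosts if v.addr == "*" and v.port == port]
    if not candidates:
        return None
    # Step 2: name match, only inside the address set chosen in step 1.
    if sni is not None:
        for v in candidates:
            if v.server_name.lower() == sni.lower():
                return v
    # Step 3: nothing matched (or no SNI): the first listed vhost is the default.
    return candidates[0]

# Constructed configuration in file order: wildcard-cert vhosts, then the new one.
VHOSTS = [
    VHost("*", 443, "a.old.example", "wildcard-old"),
    VHost("*", 443, "b.old.example", "wildcard-old"),
    VHost("1.1.1.1", 443, "www.new.example", "new-cert"),
]

def demo():
    pick = lambda ip, sni: select_vhost(VHOSTS, ip, 443, sni).cert
    return {
        # Connection arrives on 1.1.1.1: the IP-specific vhost wins.
        "on_listed_ip": pick("1.1.1.1", "www.new.example"),
        # httpd sees a different local address (constructed case): only "*" vhosts apply.
        "on_other_ip": pick("10.0.0.5", "www.new.example"),
        # No SNI on a "*" address: the first listed vhost's certificate.
        "no_sni": pick("10.0.0.5", None),
    }

if __name__ == "__main__":
    for case, cert in demo().items():
        print(f"{case}: {cert}")
```

On a live server, `apachectl -S` prints the address-to-vhost map that httpd actually built from the configuration, which can be compared against this model.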