Not sure if you saw the other answer on the other email:// If you can't use a SAN, then you need to configure all your vhosts as IP:443, whereas one vhost uses a separate IP, and the remainder uses the second IP.On Wed, 18 May 2022 at 17:26, frank picabia <fpicabia@xxxxxxxxx> wrote:Sorry, different domain.300 hosts like *.example1.comand now we have 1 example2.comOn Wed, May 18, 2022 at 4:31 PM Frank Gingras <thumbs@xxxxxxxxxx> wrote:See if you can add a SAN to that wildcard certificate first.On Wed, 18 May 2022 at 15:21, frank picabia <fpicabia@xxxxxxxxx> wrote:We have a server with over 300 vhosts on it. Marketing/CMS madness I guess.
All on the same domain name. Many VirtualHosts are defined with *:443
and then ServerName to rely on SNI.We have a wildcard cert for the domain and all the hosts use that.Now there is a different domain to add for SSL. For some reason
the first domain name's certificate is being found. I've put the
IP for our new comer domain so we have <VirtualHost 1.1.1.1:443 >but it is still finding the other cert. This IP is uniquely assigned
with the different domain, as you'd expect with DNS. So it can't
be a overlap of the IP used elsewhere.Researching this problem ("wrong cert loaded for vhost"),
I read that in the initial SSL connection, it
is talking to the IP, and whatever values we have for ServerName
have no bearing until the page is being accessed. If that's the case
then it might have matched another vhost with *:443 first
I tried putting my new domain at the top of ssl.conf but it made no difference.I'm thinking I need to edit each *:443 case and change it to the appropriate IP.
That will be a lot of work, so I'm looking for affirmation that is likely to make the difference.