See if you can add a SAN to that wildcard certificate first.

On Wed, 18 May 2022 at 15:21, frank picabia <fpica...@gmail.com> wrote:
> We have a server with over 300 vhosts on it. Marketing/CMS madness I guess.
> All on the same domain name. Many VirtualHosts are defined with *:443
> and then ServerName to rely on SNI.
> We have a wildcard cert for the domain and all the hosts use that.
>
> Now there is a different domain to add for SSL. For some reason
> the first domain name's certificate is being found. I've put the
> IP for our newcomer domain so we have <VirtualHost 1.1.1.1:443 >
> but it is still finding the other cert. This IP is uniquely assigned
> with the different domain, as you'd expect with DNS. So it can't
> be an overlap of the IP used elsewhere.
>
> Researching this problem ("wrong cert loaded for vhost"),
> I read that in the initial SSL connection, it
> is talking to the IP, and whatever values we have for ServerName
> have no bearing until the page is being accessed. If that's the case
> then it might have matched another vhost with *:443 first.
> I tried putting my new domain at the top of ssl.conf but it made no
> difference.
>
> I'm thinking I need to edit each *:443 case and change it to the
> appropriate IP.
> That will be a lot of work, so I'm looking for affirmation that is likely
> to make the difference.
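
A simplified model of the virtual-host matching order documented for Apache httpd (exact address before wildcard, then name within that address set), added here as an example and not part of the thread or of httpd's own code. The vhosts, addresses and certificate labels are constructed; `local_ip` is the address the server accepted the connection on.

```python
from fnmatch import fnmatch
from typing import NamedTuple, Optional


class VHost(NamedTuple):
    addr: str     # "*" or a literal IP, as written in <VirtualHost addr:port>
    port: int
    names: tuple  # ServerName followed by any ServerAlias patterns
    cert: str     # label standing in for the vhost's SSLCertificateFile


# Constructed configuration in file order (hypothetical names and addresses).
VHOSTS = [
    VHost("*", 443, ("www.example.com",), "wildcard-example.com"),
    VHost("*", 443, ("shop.example.com",), "wildcard-example.com"),
    VHost("192.0.2.10", 443, ("www.example.org",), "example.org"),
]


def select_vhost(vhosts, local_ip: str, port: int, sni: Optional[str]):
    """Pick the vhost for a TLS connection accepted on local_ip:port."""
    # Step 1: an exact address match beats any wildcard definition.
    pool = [v for v in vhosts if v.addr == local_ip and v.port == port]
    if not pool:
        pool = [v for v in vhosts if v.addr == "*" and v.port == port]
    if not pool:
        return None  # falls through to the main server configuration
    # Step 2: inside that address set, match the SNI name against
    # ServerName/ServerAlias; the first vhost listed is the default.
    if sni:
        for v in pool:
            if any(fnmatch(sni.lower(), n.lower()) for n in v.names):
                return v
    return pool[0]


def served_cert(local_ip, sni, port=443, vhosts=VHOSTS):
    """Return the certificate label the selected vhost would present."""
    v = select_vhost(vhosts, local_ip, port, sni)
    return v.cert if v else None
```

In this model `served_cert("192.0.2.10", "www.example.org")` returns `example.org`, while `served_cert("10.0.0.5", "www.example.org")` returns `wildcard-example.com`: when the accepting address matches no literal `<VirtualHost>` address, selection falls back to the `*:443` set and its first entry.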