Sorry, different domain.
300 hosts like *.example1.com
and now we have 1 example2.com
On Wed, May 18, 2022 at 4:31 PM Frank Gingras <thu...@apache.org> wrote:
> See if you can add a SAN to that wildcard certificate first.
>
> On Wed, 18 May 2022 at 15:21, frank picabia <fpica...@gmail.com> wrote:
>
>>
>> We have a server with over 300 vhosts on it. Marketing/CMS madness I
>> guess.
>> All on the same domain name. Many VirtualHosts are defined with *:443
>> and then ServerName to rely on SNI.
>> We have a wildcard cert for the domain and all the hosts use that.
>>
>> Now there is a different domain to add for SSL. For some reason
>> the first domain name's certificate is being found. I've put the
>> IP for our new comer domain so we have <VirtualHost 1.1.1.1:443 >
>> but it is still finding the other cert. This IP is uniquely assigned
>> with the different domain, as you'd expect with DNS. So it can't
>> be a overlap of the IP used elsewhere.
>>
>> Researching this problem ("wrong cert loaded for vhost"),
>> I read that in the initial SSL connection, it
>> is talking to the IP, and whatever values we have for ServerName
>> have no bearing until the page is being accessed. If that's the case
>> then it might have matched another vhost with *:443 first
>> I tried putting my new domain at the top of ssl.conf but it made no
>> difference.
>>
>> I'm thinking I need to edit each *:443 case and change it to the
>> appropriate IP.
>> That will be a lot of work, so I'm looking for affirmation that is likely
>> to make the difference.
>>
>>
>>
