Not sure if you saw the other answer on the other email:
// If you can't use a SAN, then you need to configure all your vhosts as
IP:443, whereas one vhost uses a separate IP, and the remainder uses the
second IP.
On Wed, 18 May 2022 at 17:26, frank picabia <fpica...@gmail.com> wrote:
> Sorry, different domain.
>
> 300 hosts like *.example1.com
> and now we have 1 example2.com
>
>
> On Wed, May 18, 2022 at 4:31 PM Frank Gingras <thu...@apache.org> wrote:
>
>> See if you can add a SAN to that wildcard certificate first.
>>
>> On Wed, 18 May 2022 at 15:21, frank picabia <fpica...@gmail.com> wrote:
>>
>>>
>>> We have a server with over 300 vhosts on it. Marketing/CMS madness I
>>> guess.
>>> All on the same domain name. Many VirtualHosts are defined with *:443
>>> and then ServerName to rely on SNI.
>>> We have a wildcard cert for the domain and all the hosts use that.
>>>
>>> Now there is a different domain to add for SSL. For some reason
>>> the first domain name's certificate is being found. I've put the
>>> IP for our new comer domain so we have <VirtualHost 1.1.1.1:443 >
>>> but it is still finding the other cert. This IP is uniquely assigned
>>> with the different domain, as you'd expect with DNS. So it can't
>>> be a overlap of the IP used elsewhere.
>>>
>>> Researching this problem ("wrong cert loaded for vhost"),
>>> I read that in the initial SSL connection, it
>>> is talking to the IP, and whatever values we have for ServerName
>>> have no bearing until the page is being accessed. If that's the case
>>> then it might have matched another vhost with *:443 first
>>> I tried putting my new domain at the top of ssl.conf but it made no
>>> difference.
>>>
>>> I'm thinking I need to edit each *:443 case and change it to the
>>> appropriate IP.
>>> That will be a lot of work, so I'm looking for affirmation that is
>>> likely to make the difference.
>>>
>>>
>>>
