The problem with multiple SSL certificates on the same IP

If several SSL sites share the same IP address, old browsers that do not support SNI give the server no way to determine which certificate to present, so they will most likely receive the first certificate listed in the web server configuration.

To solve this problem, either move the sites to different IP addresses or, in the Apache2 configuration, place the certificate path of the most important site before the certificates of the other sites.

For example, if the /etc/apache2/sites-enabled directory contains many configuration files, simply rename the required file, for example by adding the number 1 to its name so that it comes first in the list, and then apply the changes:

sudo systemctl reload apache2
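
The following script is an added example, not part of the original article: it reports which certificate Apache would hand to a non-SNI client, assuming all SSL virtual hosts share one IP:port and are loaded from one directory in alphabetical order. The function names and the sample directory, file names and certificate paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: find the certificate that non-SNI clients receive.
# Assumption: every SSL vhost shares one IP:port and is pulled in by a
# wildcard Include, which Apache processes in alphabetical order.

# Print "<config file>:<certificate path>" for the first *.conf file, in
# byte-wise (C locale) order, that has an active SSLCertificateFile line.
# Runs in a subshell so the locale change does not leak to the caller.
default_ssl_cert() (
    LC_ALL=C; export LC_ALL
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        # Directive names are case-insensitive; commented lines do not match.
        cert=$(awk 'tolower($1) == "sslcertificatefile" { print $2; exit }' "$f")
        if [ -n "$cert" ]; then
            printf '%s:%s\n' "${f##*/}" "$cert"
            return 0
        fi
    done
    return 1
)

# Check a live server: request its certificate without sending SNI.
# Needs network access and OpenSSL 1.1.1+ (for -noservername).
no_sni_subject() {
    openssl s_client -connect "$1:443" -noservername </dev/null 2>/dev/null |
        openssl x509 -noout -subject
}

# Constructed sample layout standing in for /etc/apache2/sites-enabled.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '# SSLCertificateFile /etc/ssl/old.pem\n' > "$demo/000-default.conf"
printf 'SSLCertificateFile /etc/ssl/blog.example.pem\n' > "$demo/blog.example.conf"
printf '  SSLCertificateFile /etc/ssl/shop.example.pem\n' > "$demo/shop.example.conf"

echo "before rename: $(default_ssl_cert "$demo")"
mv "$demo/shop.example.conf" "$demo/1-shop.example.conf"
echo "after rename:  $(default_ssl_cert "$demo")"
```

On a real server, run default_ssl_cert /etc/apache2/sites-enabled before reloading, then confirm the result from another machine with no_sni_subject and the server's host name.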

If cPanel is used, do not edit the configuration manually, since it will be reset after the next update or settings change. Instead, in the WHM panel, open the “SSL/TLS” – “Manage SSL sites” menu and click the “Make Primary” button. The path to this site's certificate will then automatically move before the certificates of the other sites in the Apache2 configuration.

See also my article:
Installing Certbot in Ubuntu
