One way to fix Apache serving up the wrong SSL certificate

I ran into an issue today on an Ubuntu server running Apache 2 where the server already had an SSL certificate for ‘www.domain.com’ and the client wanted to add a second one for ‘sub.domain.com’. I added a new IP to the server, set up the virtual site, and generated the CSR and ordered and installed the cert normally, but when I tried to view the new virtual site, it gave me the new site directory but with the old ‘www’ cert, causing a cert name mismatch error.

The old virtual site’s Apache config file had the site bound to *:443, so when I added the new site I changed the old one to [Old IP Address]:443, so it wouldn’t conflict with the new one which was bound to [New IP Address]:443. While logically it seemed like that should have worked, it didn’t, and was serving up the old cert for the new site.

I fixed the issue by changing the binding for the old virtual site back to *:443, while leaving the new one on [new IP address]:443. To me, it seems like this shouldn’t work, and that the *:443 would catch all the requests, but apparently that’s how it is supposed to be, and the binding with the IP address overrides the wildcard binding. Who knew?
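
The working layout described above, written out as an added example (not the configuration from the server in this post). The IP address is a documentation-range placeholder and the document roots and certificate paths are hypothetical. Apache looks for a virtual host with an exact address and port match first and only falls back to `*` entries when none exists, which is why the wildcard does not swallow requests to the new IP.

```apache
# Added example: every address and path below is a constructed placeholder.

# Old site: wildcard binding. Apache uses this vhost only for connections
# arriving on an address that no more specific <VirtualHost> claims.
<VirtualHost *:443>
    ServerName www.domain.com
    DocumentRoot /var/www/www.domain.com

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/www.domain.com.crt
    SSLCertificateKeyFile /etc/ssl/private/www.domain.com.key
</VirtualHost>

# New site: bound to the newly added IP. An exact address:port match is
# chosen before any wildcard, so connections to this IP get this vhost
# and therefore this certificate.
<VirtualHost 203.0.113.20:443>
    ServerName sub.domain.com
    DocumentRoot /var/www/sub.domain.com

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/sub.domain.com.crt
    SSLCertificateKeyFile /etc/ssl/private/sub.domain.com.key
</VirtualHost>

# Checks after reloading Apache:
#   apache2ctl -S
#     prints the parsed vhost map, showing which vhost owns *:443 and
#     which owns 203.0.113.20:443
#   openssl s_client -connect 203.0.113.20:443 -servername sub.domain.com
#     shows the certificate actually presented on the new IP; the subject
#     should name sub.domain.com, not www.domain.com
```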
