One way to fix Apache serving up the wrong SSL certificate

June 2, 2008

Apache Fix

I ran into an issue today on an Ubuntu server running Apache 2 where the server already had an SSL certificate for 'www.domain.com' and the client wanted to add a second one for 'sub.domain.com'. I added a new IP to the server, set up the virtual site, and generated the CSR and ordered and installed the cert normally, but when I tried to view the new virtual site, it gave me the new site directory but with the old 'www' cert, causing a cert name mismatch error. The old virtual site's Apache config file had the site bound to *:443, so when I added the new site I changed the old one to [Old IP Address]:443, so it wouldn't conflict with the new one which was bound to [New IP Address]:443.

While logically it seemed like that should have worked, it didn't, and was serving up the old cert for the new site. I fixed the issue by changing the binding for the old virtual site back to *:443, while leaving the new one on [New IP Address]:443. To me, it seems like this shouldn't work, and that the *:443 would catch all the requests, but apparently that's how it is supposed to be, and the binding with the IP address overrides the wildcard binding. Who knew?
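The precedence described above (an IP-specific `<VirtualHost>` binding wins over `*:443`) can be checked against a config before deploying it. The following is an added example, not code from the original post: a simplified Python model of Apache's address-based matching step only, with constructed documentation-range IPs and certificate paths standing in for the post's placeholders, and hypothetical helper names `parse_vhosts` and `select_vhost`.

```python
import re

# Constructed sample config: the 192.0.2.x address and the certificate paths are
# made up, standing in for the post's [New IP Address] placeholder and real files.
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName www.domain.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/www.example.crt
</VirtualHost>

<VirtualHost 192.0.2.20:443>
    ServerName sub.domain.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/sub.example.crt
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf):
    """Return one dict per <VirtualHost> block: bind addresses, ServerName, cert."""
    vhosts = []
    for addrs, body in VHOST_RE.findall(conf):
        def directive(name):
            m = re.search(rf"^\s*{name}\s+(\S+)", body, re.M | re.I)
            return m.group(1) if m else None
        # "ip:port" -> (ip, port); an address with no port matches any port.
        binds = [tuple(a.rsplit(":", 1)) if ":" in a else (a, "*") for a in addrs.split()]
        vhosts.append({"binds": binds, "name": directive("ServerName"),
                       "cert": directive("SSLCertificateFile")})
    return vhosts

def select_vhost(vhosts, local_ip, port):
    """Pick the vhost for a connection accepted on local_ip:port.
    An exact IP match outranks a wildcard; ties go to the first block listed
    (name-based selection by ServerName is not modelled here)."""
    best, best_rank = None, 0
    for vh in vhosts:
        for ip, p in vh["binds"]:
            if p not in ("*", str(port)):
                continue
            rank = 2 if ip == local_ip else 1 if ip in ("*", "_default_") else 0
            if rank > best_rank:
                best, best_rank = vh, rank
    return best
```

Calling `select_vhost(parse_vhosts(SAMPLE_CONF), "192.0.2.20", 443)` returns the `sub.domain.com` block and its certificate, while a connection on any other local address falls through to the `*:443` block.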
