One way to fix Apache serving up the wrong SSL certificate

June 2, 2008

I ran into an issue today on an Ubuntu server running Apache 2 where the server already had an SSL certificate for 'www.domain.com' and the client wanted to add a second one for 'sub.domain.com'. I added a new IP to the server, set up the virtual site, and generated the CSR and ordered and installed the cert normally, but when I tried to view the new virtual site, it gave me the new site directory but with the old 'www' cert, causing a cert name mismatch error.

The old virtual site's Apache config file had the site bound to *:443, so when I added the new site I changed the old one to [Old IP Address]:443, so it wouldn't conflict with the new one, which was bound to [New IP Address]:443. While logically it seemed like that should have worked, it didn't, and was serving up the old cert for the new site.

I fixed the issue by changing the binding for the old virtual site back to *:443, while leaving the new one on [New IP Address]:443. To me, it seems like this shouldn't work, and that the *:443 would catch all the requests, but apparently that's how it is supposed to be, and the binding with the IP address overrides the wildcard binding. Who knew?
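The working arrangement described above, written out as an added example rather than the author's actual configuration. The address 192.0.2.20 stands in for [New IP Address], and the document roots and certificate paths are placeholders.

```apache
# Added illustration. 192.0.2.20 is a documentation address standing in for
# [New IP Address]; all file paths below are placeholders.

# Old site: wildcard binding. Apache falls back to this block only when the
# local address of the connection has no exact-address VirtualHost.
<VirtualHost *:443>
    ServerName www.domain.com
    DocumentRoot /var/www/www.domain.com

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/www.domain.com.crt
    SSLCertificateKeyFile /etc/ssl/private/www.domain.com.key
</VirtualHost>

# New site: bound to the newly added IP. An exact address match is preferred
# over the * wildcard, so connections to this IP get the 'sub' certificate.
<VirtualHost 192.0.2.20:443>
    ServerName sub.domain.com
    DocumentRoot /var/www/sub.domain.com

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/sub.domain.com.crt
    SSLCertificateKeyFile /etc/ssl/private/sub.domain.com.key
</VirtualHost>

# Checks to run after reloading Apache:
#
#   Show how Apache parsed the address-to-VirtualHost mapping:
#     apache2ctl -S
#
#   Confirm which certificate is presented on the new IP:
#     openssl s_client -connect 192.0.2.20:443 </dev/null 2>/dev/null \
#       | openssl x509 -noout -subject
```

The subject printed by the second command should name sub.domain.com. If it names www.domain.com, the `apache2ctl -S` output shows which VirtualHost block is actually claiming that address.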
