NGINX two domains SSL presents wrong cert

keniah asked:

I have two domains, both of which are wildcards. Both use https only eg.

*.example.something.com
*.example.com

The issue is that nginx seems to always present the default certificate (example.something.com), which is not valid, when I go to https://t12345.example.com.

My current nginx.conf file has the following entries:

server {

    listen 443   default_server;
    server_name   example.something.com;

   ssl on;
   ssl_certificate "/etc/nginx/star.example.something.com.crt";
   ssl_certificate_key "/etc/nginx/star.example.something.com.key";
}

server {

    listen 443   ssl;
    server_name   example.com;

   ssl on;
   ssl_certificate "/etc/nginx/star.example.com.crt";
   ssl_certificate_key "/etc/nginx/star.example.com.key";
}

No errors are reported by nginx and the certificates, which are both valid wildcard certificates are present.

Any ideas why it doesn’t pick up the second certificate?

My answer:


You haven’t created a server block which matches the hostname you are trying to access, so nginx serves the request using the first server block with a matching listen directive.

To solve the problem, create a new server block or add the appropriate server_name to an existing server block.

If these are really wildcard certificates, and you want the single server block to handle every possible name, then you probably should be serving them with the wildcard name, i.e.:

server_name *.example.something.com;

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.