Power up with new SaaS Add-Ons from the DigitalOcean Marketplace

Question

Can I load several domains with SSL on a single IP?

  • Posted December 27, 2014

I have Ubuntu 14.04 and 3 domains that I want to host on it. Each of these needs SSL support. I have purchased 3 Symantec EV certificates for the www.domain.com of them. I only have one IP on that server.

(Note that I’ve done the DigOc recommended self-signed cert stuff for Apache2 and it works.)

  1. Is it possible to load a separate SSL certificate for each domain, even on the single IP? Or, would I need separate IPs?

  2. Is it possible even with an EV certificate on each domain? Or, would I need separate IPs?

  3. Anyone got a tutorial on how to load the SSL on each separate domain? Or is it as simple as creating a separate conf for each domain and just loading the SSL stuff in there?

Subscribe
Share
Adam RobertsonDecember 29, 2014

This comment has been deleted

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

mikeboostDecember 27, 2014

It looks like a “no” when I read this DigOc post about setting this up on Ubuntu 12.04, even though I have 14.04:

https://www.digitalocean.com/community/tutorials/how-to-set-up-multiple-ssl-certificates-on-one-ip-with-apache-on-ubuntu-12-04

The reason? SNI is not supported in Windows XP. Most of our customers will be elderly, but will at least be on IE7 or greater, which SNI needs, but SNI doesn’t ship with XP and requires Vista or greater, which poses a problem.

http://en.wikipedia.org/wiki/Server_Name_Indication#Web_browsers.5B6.5D

It looks like I’ll have to purchase separate IPs for each SSL. Or, setup an arrangement where the domain SSL is mounted on some separate hardware (like a load balancer or firewall) and then gets sent down to the server.

DigOc does not currently support purchasing multiple IPs per server as of 2014 Dec 27:

“Do you support adding multiple IPs per virtual server? How can I get an additional IP?” https://www.digitalocean.com/help/technical/setup/

EDIT: I found an answer. We use Incapsula for DDOS protection, but now will be switching to CloudFlare. Both of these services require that you mount the SSL certificates on them and do not need SSL mounted on your IP. Thus, I can load several SSL on CloudFlare and then have it all point to a single IP on the server. At least I think I can. I’ll let you know.