marcel
By:
marcel

Multiple SSL websites with differtent certificates on one droplet (LAMP setup)

July 7, 2014 4.1k views

I was searching for multiple IPs connected to one droplet to enable SSL but then read that this would not be nessecary and that there would be coming a guide on how to setup SSL for multiple domains on one droplet.

I have an apache webserver, also virtualmin installed. I would like to have SSL (different certificates) for 2 virtual servers on this droplet.

Is this possible, and if yes, how would I set this up?

1 comment
  • Hi!

    All documentation from Virtualmin indicates that you can do this in a straight forward fashion - just enabling SSL for each new server within the same IP/Virtualmin install.

    However, whenever I actually try to enable a 2nd SSL certificate, I get the primary server to take on the new SSL, which yields a domain mismatch and hence an error.

    If you have any clues on how to do it I would greatly appreciate.

    Most relevant documentation so far found here:
    https://www.virtualmin.com/node/19230

    Regards

4 Answers

Hi,

This can be done with relative ease. The below linked guide is very helpful for apache users attempting to perform the exact task you are doing:

http://www.digicert.com/ssl-support/apache-multiple-ssl-certificates-using-sni.htm

One (major) disadvantage of using SNI is the fact that it is not supported by Windows XP.

Although XP is end-of-life it is broadly used (especially in large enterprises) and still has a market share of more than 25%: Wikipedia: OS Market Share

This means if you run a web shop etc. you will kick out one quarter (!) of potential customers...

The only (but little bit more expensive) way to serve all browsers is to use a multi-domain SSL certificate. It allows you to include multiple host names (up to 100) in one single cert: Multi-Domain (SAN) SSL Certificates

If you use a self-signed certificate just for testing or a private box, just add your domain names as SAN (Sunject Alternative Name) when creating your CSR.

Have another answer? Share your knowledge.