Can 2 websites www.example.com and www.example.eu reside on the same server

We have 2 websites and want to get a SSL-certificate for both:

  1. www.example.de
  2. www.otherExample.eu

Both sites reside on the same server under different roots, each with its own config file. With certbot I got a certificate for each one of the sites: sudo certbot --apache -d www.example.de -d www.otherExample.eu

www.example.de works fine, but www.otherExample.eu throws an SSL-NO-CIPHER-OVERLAP error. Related to this question: How to fix SSL_ERROR_NO_CYPHER_OVERLAP for 2 domains on apache with certbot

I am aware of the fact that the handshake happens before the addressed site is known (that is why I want to have one certificate for both sites). See: Multiple SSL websites on the same Apache server

First question: At this point isn't it possible to get one certificate for both sites? Second question: Could it be that it isn't working because both sites have a different top-level domain name?

Final question: Is it generally possible to get two SSL-secured sites running on one server?

Please note: We have an SNI-Server that first gets the request and sends it to the webserver.


Solution 1:

I am aware of the fact that the handshake happens before the addressed site is known

This is wrong. This is a long solved problem and the solution is that the client sends the request URL part (or at least the domain) BEFORE the protocol negotiation. This is in place since - no idea, many many years at least - because otherwise hosters would have to reserve one IP per SSL certificate.

This is what SNI does.

First question: At this point isn't it possible to get one certificate for both sites?

It actually is. I suggest that instead of asking here you read the offers of certificate providers. SANs (Subject Alternative Names) are not something new.

Please note: We have an SNI-Server that first gets the request and sends it to the webserver.

Well, if you DO have an SNI server then - basically - it either is a broken config (which we cannot magically debug for you), or broken software - the SNI server should forward with SNI enabled, too.
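An added diagnostic, not from the question or the answer, that checks the two points the answer makes: it handshakes with each site once with SNI and once without, and reports which of the required hostnames the served certificate's SAN list does not cover. The hostnames default to the two from the question, port 443 is assumed, and the certificate chain is still verified against the system CA store (only the hostname check is switched off, so a mismatched default certificate is reported rather than hidden).

```python
import socket
import ssl


def san_dns_names(cert):
    """DNS names from the SAN extension, in the dict shape that
    ssl.SSLSocket.getpeercert() returns."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def hostname_matches(hostname, pattern):
    """Match one SAN entry; '*' is only honoured as the whole leftmost label."""
    hostname, pattern = hostname.lower(), pattern.lower()
    if pattern.startswith("*."):
        return "." in hostname and hostname.split(".", 1)[1] == pattern[2:]
    return hostname == pattern


def uncovered_hosts(required, cert):
    """Hostnames in `required` that no SAN entry of `cert` covers."""
    names = san_dns_names(cert)
    return [h for h in required if not any(hostname_matches(h, n) for n in names)]


def fetch_cert(host, port=443, sni=True, timeout=5.0):
    """Handshake with the server and return its leaf certificate as a dict.
    With sni=False no server_name is sent, which is what a front-end that drops
    SNI looks like to the backend: a name-based Apache then answers with the
    default vhost's certificate."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # keep chain verification, skip the name check
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host if sni else None) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    import sys

    # Assumed defaults: the two hostnames from the question above.
    sites = sys.argv[1:] or ["www.example.de", "www.otherExample.eu"]
    for site in sites:
        for sni in (True, False):
            try:
                cert = fetch_cert(site, sni=sni)
                missing = uncovered_hosts(sites, cert)
                print(f"{site} sni={sni}: SAN={san_dns_names(cert)} missing={missing}")
            except (ssl.SSLError, OSError) as exc:
                print(f"{site} sni={sni}: handshake failed: {exc}")
```

If the run with SNI shows both names in the SAN list but the run without SNI does not, the certificate is fine and the front-end is the component that needs to pass SNI through.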