Score:0

Can 2 websites www.example.com and www.example.eu reside on the same server

cn flag

We have 2 websites and want to get a SSL-certificate for both:

  1. www.example.de
  2. www.otherExample.eu

Both sites reside on the same server under different root with their own config-file. With certbot I got a certificate for each one of the sites: sudo certbot --apache -d www.example.de -d www.otherExample.eu

www.example.de works fine but www.otherExample.eu throws SSL-NO-CIPHER-OVERLAP-Error Related to this question: How to fix SSL_ERROR_NO_CYPHER_OVERLAP for 2 domains on apache with certbot

I am aware of the fact that the handshake happens before the addressed site is known (that is why I want to have one certificate for both sites) Multiple SSL websites on the same Apache server

First question: At this point isn't it possible to get one certificate for both sites? Second question: Could it be, that it isn't working because both sites have a different top-level-domain-name?

Final question: Is it generally possible to to get two SSL-secured sites running on one server?

Please note: We have an SNI-Server that first gets the request and sends it to the webserver.

Michael Hampton avatar
cz flag
You can have thousands of them, not just two. You should rewrite this question to ask about the actual problem.
Score:1
cn flag

I am aware of the fact that the handshake happens before the addressed site is known

This is wrong. This is a long solved problem and the solution is that the client sends the request URL part (or at least the domain) BEFORE the protocol negotiation. This is in place since - no idea, many many years at least - because otherwise hosters would have to reserve one IP per SSL certificate.

This is what SNI does.

First question: At this point isn't it possible to get one certificate for both sites?

It actually is. I suggest instead of asking here you read - the offers of certificate providers. SAN (Subject Alternative Names) Are not something new.

Please note: We have an SNI-Server that first gets the request and sends it to the webserver.

Well, if you DO have an SNI server then - bascially - it either is a broken config (which we can not magically debug for you), or broken software - the SNI server should forward with SNI enabled, too.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.