Are several individual certs already possible for one IP (Reverse Proxy) serving multiple domains

Hi Community,

I'm running a reverse proxy serving several domains on Apache.

Currently I use a multidomain cert. Since I meanwhile run many domains for different clients under ONE IP, I wonder if there is already a possibility to have different single certs on the reverse proxy instead of one big one with all domains in it. The problem is that customers visiting sites with the cert also see other domains running on the same machine, which is of course not a secret, but this is not desired by some customers.

Is it possible to just use multiple different certs for one IP with more than one domain name WITHOUT using multidomain certs?

Best regards

Yes. 

Also, I've moved your thread to the Help section, as it's not so much a feature request.

6 Likes

Just use name-based virtualhosts in the Apache configuration. Each virtualhost will have its own certificate. The SNI feature of TLS will take care of the virtualhost/certificate selection even if all names map to the same IP address.

7 Likes

Thank you for the hint. I already have name-based configs, i.e. many sites enabled on Apache (reverse proxy) by name with their own config files.

I'm not using Let's Encrypt much. For my multidomain cert I always requested a cert for all domains:

certbot certonly --apache -d domain1 -d domain2 -d domain...

So do I then just request certs for each domain separately?

Best regards

1 Like

Yes, you need as many certificates as the number of virtualhosts.

6 Likes
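
Added example, not part of any post above: a sketch of the layout the replies describe, with one certificate per name-based virtualhost on a single IP. The names `proxy.example`, `client-a.example`, `client-b.example` and the backend addresses are placeholders assumed for illustration.

```apache
# Constructed example. All host names and backend addresses are placeholders.
#
# One certificate per name, requested separately instead of one -d list:
#   certbot certonly --apache -d proxy.example
#   certbot certonly --apache -d client-a.example
#   certbot certonly --apache -d client-b.example
# Each certificate is stored under /etc/letsencrypt/live/<name>/.

# Apache treats the first vhost listed for an address:port as the default.
# A client that sends no SNI, or a name matching no vhost, is shown THIS
# certificate, so the default should carry the operator's own name rather
# than a customer's.
<VirtualHost *:443>
    ServerName proxy.example
    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/proxy.example/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/proxy.example/privkey.pem
    # Refuse clients that do not send SNI at all.
    SSLStrictSNIVHostCheck on
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# Customer A: selected by SNI, certificate lists only client-a.example.
<VirtualHost *:443>
    ServerName client-a.example
    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/client-a.example/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/client-a.example/privkey.pem
    ProxyPreserveHost On
    ProxyPass        "/" "http://10.0.0.11:8080/"
    ProxyPassReverse "/" "http://10.0.0.11:8080/"
</VirtualHost>

# Customer B: same IP and port, separate certificate.
<VirtualHost *:443>
    ServerName client-b.example
    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/client-b.example/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/client-b.example/privkey.pem
    ProxyPreserveHost On
    ProxyPass        "/" "http://10.0.0.12:8080/"
    ProxyPassReverse "/" "http://10.0.0.12:8080/"
</VirtualHost>
```

To confirm which certificate a given name receives, `openssl s_client -connect <ip>:443 -servername client-a.example` shows the certificate selected for that SNI value.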
