Creating 2 ssl in 1 ip public

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: bisadibeli.com & masihhits.com

I'm using 1 public IP for 2 domains & SSL; my other domain bisadibeli.com is running SSL well, but masihhits.com got an invalid cert.
How to solve it?
OS: Ubuntu 16

I don’t get an invalid certificate warning.

Have you opened my 2 sites?

My bad, masihhits.com, that's the correct site

Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process.[1] This allows a server to present multiple certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites (or any other service over TLS) to be served by the same IP address without requiring all those sites to use the same certificate. It is the conceptual equivalent to HTTP/1.1 name-based virtual hosting, but for HTTPS.


I need to go for now, but read up on SNI. :slightly_smiling_face:

If you have further questions, ask away. Someone is almost always here.

Thanks @griffin
Still don't know how to fix it

Perhaps:

Thanks, I'll check it

Still couldn't figure it out; my 2 domains run well, but the one (masihhits.com) that I configured the 1st time got an invalid cert

Apache 2.4.18 is well capable of doing SNI properly.

Your issue must be in the config.

And I’ll repeat myself here for those that may read this later:
Apache is notorious for running at all cost - which means that even when the config is NOT exactly perfect it will still do its best to serve “something” (hopefully close to what you expected).
[Flip a coin - you will have better odds at guessing that outcome than Apache will at your config]

Please show the output of:
sudo apachectl -S

and we can get started with fixing the real cause of your problem…

here is the output

OK let me teach you “how to read” that output.
There is a section for each port (one for 80 and one for 443).
Then within each section it starts by telling you the “default” (when a name isn’t found, that content will be served).
Then it lists all the names and alias covered and in which files they can be found.

Looking at the output…
It seems that the name in question is only found in the *:80 (HTTP) section.
Q. Then what will happen when you try to reach such a name via HTTPS?
A. Apache will serve the “default” content for that section (since no match was found)


Q. OK…So how do I fix this?
A. You need an HTTPS enabled section that covers that name.

Ahhh… can you be MORE specific?

Yes, of course.
You could start by copying one of the working https files in the /etc/apache2/sites-available/ folder.
Then modify that new file to use the right DocumentRoot and cert files (for the new name).
[if you haven’t done that part - then get a cert for this new name]
[if you are not sure about if you have one or not - try listing all the certs with: certbot certificates]
[presuming you used certbot to get the certs]
Then enable the new site with:
sudo a2ensite {new-file-name}.conf
[yes - always name web config files with .conf at the end]
Then restart Apache.
Then retest access from the Internet.

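As an added example (not part of any post in this thread), the way of reading `apachectl -S` output described above can be automated: the function below lists every name that has a port 80 vhost but no port 443 vhost, together with the default server that will answer for it over HTTPS. The sample output is constructed, including its file names and the choice of default server.

```shell
#!/bin/sh
# Added example: list names that Apache serves on port 80 but not on 443.

# Constructed sample in the format printed by `apachectl -S` (file names are made up).
SAMPLE_S_OUTPUT='VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server bisadibeli.com (/etc/apache2/sites-enabled/site-a-ssl.conf:2)
         port 443 namevhost bisadibeli.com (/etc/apache2/sites-enabled/site-a-ssl.conf:2)
                 alias www.bisadibeli.com
*:80                   is a NameVirtualHost
         default server bisadibeli.com (/etc/apache2/sites-enabled/site-a.conf:1)
         port 80 namevhost bisadibeli.com (/etc/apache2/sites-enabled/site-a.conf:1)
                 alias www.bisadibeli.com
         port 80 namevhost masihhits.com (/etc/apache2/sites-enabled/site-b.conf:1)
                 alias www.masihhits.com
ServerRoot: "/etc/apache2"'

# Reads `apachectl -S` output on stdin; prints each name without an HTTPS vhost
# plus the default server whose certificate a browser will be shown for it.
names_missing_https() {
    awk '
        # Section header, either "*:443  is a NameVirtualHost"
        # or the one-vhost form "*:443  name (file:line)".
        /^[^ \t]+:[0-9]+[ \t]/ {
            port = $1; sub(/^.*:/, "", port)
            if ($2 != "is") {
                seen[port, $2] = 1; names[$2] = 1
                if (!(port in dflt)) dflt[port] = $2
            }
            next
        }
        /^[^ \t]/ { port = ""; next }   # ServerRoot: and similar lines end the vhost listing
        port == "" { next }
        $1 == "default" && $2 == "server" { dflt[port] = $3; next }
        $1 == "port" && $3 == "namevhost" { seen[port, $4] = 1; names[$4] = 1; next }
        $1 == "alias" { seen[port, $2] = 1; names[$2] = 1; next }
        END {
            for (n in names)
                if (((80, n) in seen) && !((443, n) in seen))
                    printf "%s -> served by default %s\n", n,
                           ((443 in dflt) ? dflt[443] : "(none)")
        }
    ' | sort
}

# Live use: sudo apachectl -S 2>&1 | names_missing_https
printf '%s\n' "$SAMPLE_S_OUTPUT" | names_missing_https
```

An empty result means every HTTP name also has an HTTPS vhost; any line printed is a name that will receive another site's certificate and produce a mismatch warning.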

Still get an invalid cert for masihhits.com; already restarted the Apache service

OK please show the new output of:
sudo apachectl -S

there you go

OK now show the new file:
sudo cat /etc/apache2/sites-enabled/masihhits-le-ssl.conf
[hard to read the fine print - legible at 125%]