Hi Guys,
I got cert however my domian is one of MANY alternative names in this certificate. I’m not the owner of other websites defined in Alternative Name.
Why I got such certificate?
Do I have the same private key for cert as other Alternative Names websites owners?
Is it possible to decrypt my traffic by othey gusy ? (Guys with domain defined in Alternative Names as they have the same certificate)
Technically, yes. But do you really have access to the private key file?
This depends entirely on your HSP and your hosting plan.
Most likely a "shared" plan; one that uses cPanel to "separate" the many users.
Or maybe you are using a CDN service (like CloudFlare) and you are seeing their cert which contains many domains.
I’m assuming this certificate was issued by a hosting provider, rather than one you requested yourself through something like certbot or acme.sh.
If that’s the case, you’re fine. Some hosting providers aggregate many customers’ domains onto a single certificate for various reasons. (Fewer certs to manage, keep in memory, etc.) Yes, your domain uses the same public key as these other customers, but it doesn’t impact your security because they, like you, don’t have access to the private key. It’s no less secure than if the host used a single cert per customer.