SAN value is common for multiple websites

aqeelsmith · July 25, 2020, 2:36pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://akhilnambiar.me

I ran this command: To see the SAN values for my certificate installed on my domain.

It produced this output: I can see multiple domain names under SAN value like : adloader.vaago.co.uk, agent.manamatrimony.com , anonfile.xyz . You could see them if you could open my website: https://akhilnambiar.me
Also, I opened the website for anonfile.xyz and on this website I could see my domain name akhilnambiar.me registered as a SAN value for the certificate issued for anonfile.xyz.
Is this normal ? Am I missing something ? Is this supposed to happen ?

My hosting provider, if applicable, is: Google domains

stevenzhu · July 25, 2020, 2:40pm

This is absolutely normal.
If you are using a shared hosting provider or decided to issue all domains under one certificate, this will happen.

You can choose to issue a certificate for each domain if you wish, but it's optional and both options work.

Osiris · July 25, 2020, 2:41pm

By the way, CloudFlare also uses this strategy for their TLS certificates.

Also, Let’s Encrypt supports up to 100 hostnames in their certificates. It seems your hosting provider is trying to use the most out of this option.

aqeelsmith · July 25, 2020, 2:52pm

Is this safe ? Is this something I should worry about since I don’t own the other websites in the SAN of the certificate?

Osiris · July 25, 2020, 3:05pm

It isn’t unsafe. No need to worry about it.

system · August 24, 2020, 3:05pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.