I’m the owner of a personal home server (as a hobby). I host a webserver (nginx) on a Raspberry Pi running Raspbian, on a single static IP. Its domains and subdomains are private so let’s say they’re (intentionally bogus domain names):
mydomain.eu with subdomains:
- abc.mydomain.eu (has a certificate)
- jkl.mydomain.eu (no certificate, doesn’t need one)
- xyz.mydomain.eu (has a certificate)
- www.a-landing-page.fr (no certificate, doesn’t need one)
For some of those, abc.domain.eu and xyz.domain.eu, I’ve obtained separate Let’s Encrypt certificates (as indicated) and Certbot configured them accordingly to enable SSL connections. So far the websites are working flawlessly in https, and http redirects to https, which is perfect. Renewing certificates also works quite well.
Whenever I go on www.a-landing-page.fr (which does not have an SSL certificate and does not need one), the website loads fine. However if I change http to https, it says:
www.a-landing-page.fr uses an invalid security certificate. The certificate is only valid for xyz.mydomain.eu
For testing purposes, if I stop serving xyz.mydomain.eu, going to that certificate-less subdomain in https again still errors but with the abc.mydomain.eu. So apparently, forcing an http only subdomain or domain to load with https makes it fetch a certificate of another subdomain, which obviously errors. I wish to fix that.
I feel something is loose, a service isn’t telling which subdomain is using which certificate and restrict it to that subdomain only, not to all sites on my IP. Someone told me I have to make a SNI declaration, I searched for it as well as here on the forums but all of the results are way above my understanding in a way that I don’t even know if some posts mentioning it have the same problem as mine, and I don’t know how to make such declaration.
Can you please point me in the right direction?
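
Added example, not part of the original post: when no `server` block listening on 443 has a `server_name` matching the name the client sends via SNI, nginx falls back to the default server for that port (the first one defined unless `default_server` is set) and presents its certificate, which also reveals that hostname to anyone probing the IP. The sketch below adds an explicit catch-all that refuses the handshake instead; the file layout, web root and certificate paths are assumptions based on the placeholder names in the post and Certbot's usual `/etc/letsencrypt/live/<name>/` layout.

```nginx
# Catch-all for HTTPS. Any request whose SNI name matches no other
# 443 server block lands here instead of on xyz/abc.
server {
    listen 443 ssl default_server;
    server_name _;

    # Requires nginx 1.19.4 or newer: abort the TLS handshake without
    # sending any certificate. No ssl_certificate is needed in this block.
    ssl_reject_handshake on;

    # On older nginx, the usual substitute is a self-signed certificate
    # in this block plus "return 444;" so no real hostname is disclosed.
}

# Certificate-bearing site: only answers for its own name.
server {
    listen 443 ssl;
    server_name xyz.mydomain.eu;

    ssl_certificate     /etc/letsencrypt/live/xyz.mydomain.eu/fullchain.pem;  # assumed path
    ssl_certificate_key /etc/letsencrypt/live/xyz.mydomain.eu/privkey.pem;    # assumed path

    root /var/www/xyz;  # hypothetical web root
}

# HTTP-only site: deliberately has no 443 block.
server {
    listen 80;
    server_name www.a-landing-page.fr;

    root /var/www/a-landing-page;  # hypothetical web root
}
```

After `nginx -t` and a reload, `openssl s_client -connect <server-ip>:443 -servername www.a-landing-page.fr` should end in a handshake failure rather than showing the xyz or abc certificate. The browser still reports an error for `https://www.a-landing-page.fr`, since serving that name over HTTPS without a warning requires a certificate issued for it.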