SSL Test gives back a second certificate


at the moment I’m improving my SSL setup for all my domains. :chains:
I saw here Incorrect order and Extra certificate error that I can get help for apache+let’s encrypt issues on this forum.
When I used the test, it says something about a second certificate that my server sent. I have an A+ score, but it still annoys me that my server sends a second certificate for one of my other domains.

Example: I tested and when you scroll down you see Certificate #2 which is issued to (one of my other domains running on the same server)

Why does apache send that second certificate and why is it that domain? I couldn’t find anything in the apache conf and ssl conf.
I hope somebody can help me with this.



That means you are using SNI, and is your primary site on that IP.

In order to remove that, configture one site (https / to) on each IP…

Apache identify SNI primary certificate based on the alphabetical order of vHosts.

Thank you


Ohhh okay… I’m hosting from home, so unique IPs are not gonna be possible. Thanks for the super fast reply!


Hi @DatDraggy

this isn’t really a problem.

Your site uses SNI. But SSLLabs tests what happens, if your browser doesn’t understand SNI.

Certificate #2: RSA 2048 bits (SHA256withRSA) No SNI

Theoretical, you can create a certificate with all of your domain names and send this with your default configuration.


Hello @JuergenAuer

Yes, that was my old setup, but because I also host domains for friends I decided it would be better to seperate these certificates so that people can’t just look in the certificate and figure out what domains I have directing to my server.

Thank you both for the replies.


Yes, because of this I wouldn’t do that. :wink:


I thought so as well. Well, is only a URL shortener that doesn’t even work correctly anymore, so it’s not too bad, :laughing:


Too late… People can just look at the old certificates:


But most people won’t care / don’t know where to look…


Yea that’s fine. Not like there’s some weird xxx or other shady site in there so I don’t mind that much


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.