Two certificates showing up?


#1

Hello,

When I check my site against SSL Labs’s testing, I see 2 certificates and I’m not sure why.
The site is gdb-tutorial.net. Certificate #1 matches that:
https://www.ssllabs.com/ssltest/analyze.html?d=www.gdb-tutorial.net&s=2604%3A180%3A2%3A3c6%3A0%3A0%3A0%3Ac2a7
(You’ll see I’m using that certificate for gdb-tutorial.net, static.gdb-tutorial.net, and www.gdb-tutorial.net)

However, there is also certificate #2 for www.chrisblume.net. I am not sure why this is showing up.
This is another domain on this server. But it isn’t from RDNS. That would be a different domain.

I’m not sure how I messed this up. But I completely deleted /etc/letsencrypt/live/gdb-tutorial.net/* to create a new certificate a while ago which included the subdomains. The double-certificate problem existed before and appears to still exist.

Any ideas why that second certificate is listed and how to remove it?
Thanks!


#2

That’s the certificate the webserver will serve without any Server Name Indication information. The “default” certificate as it were.

It should be somewhere in your webserver configuration, the first virtualhost your software encounters to be exact.


#3

Thank you. That was exactly what I needed to learn.
That same SSL Labs report also mentions “This site works only in browsers with SNI support.” (which is intentional) so I guess I can safely ignore it. I’ve updated it to match my RDNS but it doesn’t matter.

Thank you for sharing your wisdom. :slight_smile: