Two separate certbot-generated certificates "interfering" with each other

I created two separate certificates using certbot for two separate domains, and The first certificate looks fine, with common name and alternate names, But SSL Labs shows that the second certificate I created, for, contains the certificate for that domain PLUS the certificate as “Certificate #2”. Browsers don’t seem to care about this, but I’d like to know how I can create the separate separate certificates without the injecting itself into the one.

The certbot command lines I’m using are:

sudo /usr/local/bin/certbot certonly --webroot -w /var/www/html/ -d -d

sudo /usr/local/bin/certbot certonly --webroot -w /var/www/html/ -d -d

Links to the SSL Labs reports are:

I could also create a single certificate for all four domains/subdomains, but that seems non-ideal too, as then the common name for would be “” and that seems weird.

Any idea why the two certs are “interfering” with each other and how to fix that? Or any other recommendations or best practices?

There is no interference I can see.

I assume you are looking at the “no SNI” certificate. This is essentially when just using your IP address for very old browsers where every https needed to be on a different IP address, and you have multiple domains on the same IP address.

Aha, thank you! I misinterpreted what that meant. I see now that it’s what a browser/client without SNI support would see (which would be the first certificate that Apache serves, the one for, not that there are actually two certificates bundled into one and interfering with each other. “Problem” solved, thank you.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.