Problem applying wildcard SSL cert to sub-servers


I’ve read a number of similar posts on the Virtualmin forum here, but nothing quite tackling a problem I have.

I have a domain with a few subdomains, so I have configured the corresponding sub-servers in virtualmin. I have a wildcard certificate for the domain, so in theory this is all pretty simple and straightforward to apply to the sub-servers…

However:slight_smile: When I try to switch on the SSL settings (“SSL Website Enabled”) for more than one sub-server, it takes Apache down. In the sub-server’s Apache error_log, I get this:

[error] Init: Multiple RSA server certificates not allowed

In System Settings > Virtualmin Configuration > SSL Settings, I have “Allow multiple SSL websites on the same IP?” set to Yes.

I’m clearly missing something obvious and I don’t have a lot of hair left to pull out… :smiley:

Any pointers gratefully received…

Thanks, Steve

btw - system is Deb 7, x86_64, Apache/2.2.22.


Well, it should be no problem to use a wildcard certificate. It sounds like something else is going on though…

Is it possible that Apache is already configured with an SSL certificate, possible one setup outside of Virtualmin?

I’m wondering if maybe something is causing it to try to use two SSL certificates for a specific domain.


Eric, you’re the man with a plan! :slight_smile:

Ok, that’s helped me start to unpick this. I didn’t realise before that this error might be occurring because of a duplicate certificate on one domain (or sub-server); instead, I thought it was related to the entire Apache configuration.

So, to investigate, I SSH’d in to the server and went to /etc/apache2/sites-enabled/ and then did a ‘grep -i SSL *’

As you would expect, returned was the list of files containing SSL certs. One of them caught my attention, because I’d just switched off the SSL option in Virtualmin for that sub-server. This particular sub-server’s Apache config file contained the following, right at the bottom:

SSLCertificateFile /home//ssl.cert
SSLCertificateKeyFile /home//ssl.key
SSLCACertificateFile /home//
SSLEngine on

…just before the closing tag.

So, the question is how did it get there? :-S

What I think happened was that I set up the main virtual server first, but initially without SSL. The sub-servers were already created, and I have a hunch I had already enabled SSL them too, before enabling it on the top-level server. Then I enabled SSL on the top-level virtual server, and uploaded my wildcard certificate.

Because of this approach, I was in some doubt that the certificate on one of the sub-servers was valid (was the wildcard cert), so in Virtualmin I went to that sub-server > Server Configuration > Manage SSL Certificate and used the form (in the ‘Update Certificate and Key’ tab) to point this sub-server’s SSL settings to the top-level server’s certificate files.

Having just retraced these steps and removed the spurious entry in the sub-server conf file, I can now see that going to a sub-server’s ‘Manage SSL Certificate’ page brings up the message “This virtual server shares its SSL certificate with, so it cannot be edited on this page…”. However, this message wasn’t there for me the first time around, so I’m wondering if perhaps I’ve uncovered a rather obscure workflow bug somewhere?


Similar error but different OS CentOS 7 and I wasn’t having a wildcard issue:

[error] Init: Multiple RSA server certificates not allowed

Fixed by removing two redundant lines possibly added when adding Let’s Encrypt SSL:


/#SSLCertificateFile /home/xxxx/ssl.cert <— Removed as duplicate

/#SSLCertificateKeyFile /home/xxxx/ssl.key <— Removed as duplicate

SSLCACertificateFile /home/xxxx/

SSLEngine on

SSLCertificateFile /home/xxxx/ssl.cert

SSLCertificateKeyFile /home/xxxx/ssl.key

SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1