Wrong SSL certificate being used


My config is:
CentOS 7.7.1908
Webmin 1.941
Usermin version 1.791
Virtualmin 6.02

Today I noticed something odd I don’t really understand.
When I create a virtual server without an SSL certificate, and I navigate to it in my browser using https://, I get the error that a self signed certificate is being used. In fact, that is the self-signed certificate of the very first virtual server I created, the one which I use to access virtualmin and webmin itself. Those two virtual servers have nothing to do with each other.

Question is; why is the self-signed SSL certificate of another virtual server served for another virtual server?
And the better question is; can I turn that off? :slight_smile:

server has https for other virtualhosts, and picks the default https site when you visit domains without ssl. so it seems “first virtual server” is the default https on apache, and that’s why it is being served to you.
that’s the way it works, just add a letsencrypt cert to both domains, and be over cleanly…

Hi dimitrist,
Thanks for your reply.
Didn’t know that. It seems a bit strange to me, I would think the better response is “no SSL certificate available”. (But: who am I)

if there isnt’ a default site for https, you’d probably get a blank page (=connection refused), no message i’m afraid…

it will also do this if, after creating virtual servers, you copy SSL certificate to webmin, postfix, or dovecot.

I think i read somewhere that new versions of postfix are possibly allowing multiple SSL certs on a single ip address now (can anyone confirm this). If so, that would allow us to copy virtual server SSL to all of the above.