Multiple SSL hosts in Apache 2
posted 2019.05.07 by Clark Wilkins, Simplexable

I spent way more time than I want to remember trying to fix this one...

You have a server with N > 1 websites and you want SSL access to work on all of them. You go and buy SSL certificates for each one* and you configure SSL something like this:

<VirtualHost *:443>

ServerName server1.com
ServerAlias *.server1.com
DocumentRoot /var/www/html/server1

SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES
SSLCertificateFile /etc/ssl/server1/...
SSLCertificateKeyFile /etc/ssl/server1/...
SSLCertificateChainFile /etc/ssl/server1/...

</VirtualHost>

<VirtualHost *:443>

ServerName server2.com
ServerAlias *.server2.com
DocumentRoot /var/www/html/server2

SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES
SSLCertificateFile /etc/ssl/server2/...
SSLCertificateKeyFile /etc/ssl/server2/...
SSLCertificateChainFile /etc/ssl/server2/...

</VirtualHost>

What happens next is that no matter what you seem to do (or read online in Google searches), you always get server 1 loaded even though you requested server 2. You can try multiple IP addresses, etc., and nothing works. Until you finally come across this posting, and suddenly the light comes on. Add this line to the top of your ssl.conf file and it works!

NameVirtualHost *:443

Now I can shed the extra IP addresses and do not need IP-based virtual hosting at all. I also don't have to upgrade to Apache SNI and face possible incompatibilities with older browsers. It just works!

* I bought a 10-domain certificate from GoDaddy.com. Much cheaper than 10 individual certs and easier to use the same SSLCertificateFile and SSLCertificateKeyFile over and over.
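
A check for the misconfiguration described above, as an added example that is not part of the original post: it scans an Apache 2.2-style config for several VirtualHost blocks that share an address with no matching NameVirtualHost line, and also flags SSLProtocol lines that leave SSLv3 enabled. The names `audit` and `SAMPLE_CONF` are hypothetical and the sample config is constructed from the post's two vhosts; Apache 2.4 deprecates NameVirtualHost, so the first check only applies to 2.2.

```python
from collections import defaultdict

# Constructed sample: the post's two vhosts, cut down to the relevant directives.
SAMPLE_CONF = """\
<VirtualHost *:443>
ServerName server1.com
SSLProtocol all -SSLv2
</VirtualHost>
<VirtualHost *:443>
ServerName server2.com
SSLProtocol all -SSLv2
</VirtualHost>
"""

def audit(conf):
    """Return sorted findings for an Apache 2.2-style config (hypothetical helper)."""
    declared = set()             # addr:port values named by NameVirtualHost
    vhosts = defaultdict(list)   # addr:port -> ServerName of each block
    findings = set()
    addr = None                  # addr:port of the block being read, if any
    for raw in conf.splitlines():
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "<virtualhost" and args:
            addr = args[0].rstrip(">")
            vhosts[addr].append("(unnamed)")
        elif key == "</virtualhost>":
            addr = None
        elif key == "namevirtualhost" and args:
            declared.add(args[0])
        elif key == "servername" and args and addr:
            vhosts[addr][-1] = args[0]
        elif key == "sslprotocol":
            opts = {a.lower() for a in args}
            # In 2.2-era builds "all" includes SSLv3 unless it is removed explicitly.
            if opts & {"all", "sslv3", "+sslv3"} and "-sslv3" not in opts:
                findings.add("SSLProtocol %s leaves SSLv3 enabled" % " ".join(args))
    for a, names in vhosts.items():
        if len(names) > 1 and a not in declared:
            findings.add("%s: no NameVirtualHost, so %s answers for %s"
                         % (a, names[0], ", ".join(names[1:])))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```
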