http.ListenAndServeTLS with multiple certificates

北海茫月 2021-02-10 07:44

How do I ListenAndServeTLS with multiple domains? I see the function accepts a cert and key file, but I believe the key file may only contain a single private key. I have a few

2 answers
  •  长情又很酷
    2021-02-10 08:12

    I'm no Go user myself but if you want to use multiple certificates on the same TLS listener you must have some way to decide which certificate should be used once a client connects because only a single certificate + chain can be sent inside the TLS handshake.

    The main use case for this is Server Name Indication (SNI). With SNI you have multiple certificates and you want to select the appropriate one based on the name the client asked for within the TLS handshake.

    Searching for go sni server results in this post from 2013. This post shows that using multiple certificates with ListenAndServeTLS is not possible (or was in 2013) but it also shows how to achieve the necessary functionality.
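The SNI-based selection this answer describes, as an added Go example that is not part of the original post or the linked 2013 article: the `GetCertificate` callback of `crypto/tls` picks the certificate from the name in the ClientHello, and `ListenAndServeTLS` is then called with empty file arguments. The hostnames `a.example` and `b.example`, the listen address, and the helpers `mustSelfSigned` and `bySNI` are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net/http"
	"strings"
	"time"
)

// mustSelfSigned builds a throwaway certificate for host (constructed test data;
// a real server would load each pair once with tls.LoadX509KeyPair).
func mustSelfSigned(host string) *tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// bySNI returns a GetCertificate callback keyed on the SNI name. An absent or
// unknown name fails the handshake instead of exposing a default certificate.
func bySNI(certs map[string]*tls.Certificate) func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	return func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
		if c, ok := certs[strings.ToLower(hello.ServerName)]; ok {
			return c, nil
		}
		return nil, fmt.Errorf("no certificate for SNI name %q", hello.ServerName)
	}
}

func main() {
	certs := map[string]*tls.Certificate{ // hostnames are assumptions
		"a.example": mustSelfSigned("a.example"),
		"b.example": mustSelfSigned("b.example"),
	}
	cfg := &tls.Config{MinVersion: tls.VersionTLS12, GetCertificate: bySNI(certs)}
	srv := &http.Server{Addr: "127.0.0.1:8443", TLSConfig: cfg}
	panic(srv.ListenAndServeTLS("", "")) // empty paths: certificates come from GetCertificate
}
```
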
