Multiple sites per Apache server with SSL showing wrong site with HTTPS

Question

I have a Debian server which is running a number of client sites. Most of these are not running SSL so accessing by HTTP is fine.

I have one customer with an SSL cer

Answer 1

This does not have anything to do with SNI, as you currently only have one HTTPS server. What happens, as you've stated in your comment, is that the alpha.net domain resolves to your server's IP. Your Apache server is set up to listen for requests on port 443 on this IP, and to serve the contents of charlie.net to these requests. (And the certificate error means that the browser noticed the discrepancy between the certificate's alleged domain name and the domain name used for the request.)

Redirecting from HTTPS to HTTP is probably more trouble that it's worth, since you would need valid certificates for each domain, lest you present your users with another security warning. This would entail creating virtual hosts for alpha.net:443 and so on, on an SNI capable server (i.e., later versions of Apache 2.2+ with openssl), and adding a redirection like so:

RewriteEngine On 
RewriteCond %{HTTPS} on 
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}

Probably the easiest course for your problem is to use a different IP for charlie.net. With this setup, there would be no way for alpha.net (and so on) to display the contents of another site.

Answer 2

If you have multiple IPs on your server, use a unique one for the SSL site, all non-SSL sites share another IP.

Since SSL doesn't care what is the domain you are visiting, it only cares if the current domain is approved from the list of domains(Common Name) it gets from the Ip address.