[BlueOnyx:21017] Re: Let's Encrypt Certificate #2 MISMATCH - it's normal

Michael Stauber mstauber at blueonyx.it
Fri May 5 17:52:03 -05 2017


Hi Tobias and all,

> at my installation it makes no difference at all.

I looked a bit further and this is expected behaviour during an SSL
connection to a Vsite where SSL runs via SNI:

https://de.wikipedia.org/wiki/Server_Name_Indication

This page goes a bit into technical details about it, but ignore
everything on it but the graphic, as we're talking Apache and not
Zimbra. The principles are the same, though:

https://wiki.zimbra.com/wiki/Multiple_SSL_Certificates,_Server_Name_Indication_(SNI)_for_HTTPS

The point being: BlueOnyx Apache 2.2 (5207R/5208R) and 2.4 (5209R)
support SSL for Vsites via SNI, so that we no longer need one IP per
SSL enabled Vsite.

But this also means: During the communication the "default SSL" cert
(for the server) might be presented to diagnostic tools such as the SSLlabs
test suite. Once the client <-> server connection has negotiated that
both sides support SNI, the connection uses the SNI SSL cert of the actual
Vsite.

And you can see that it works when you go to the Vsite via HTTPS in your
browser and click on the cert information. It'll show that the SSL cert
with the FQDN of the Vsite you're visiting is being used for this visit.

So all in all? It's fine and working as intended.

-- 
With best regards

Michael Stauber
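To make the mechanism in the message above concrete, here is an added example (not code from the post, BlueOnyx or Apache): a minimal builder and parser for the TLS ClientHello that shows where the server name travels in the handshake, and the certificate-selection rule a name-based virtual host applies. A client that sends no server_name extension gets the default server certificate, which is exactly what a non-SNI scanner sees; a client that sends one gets the Vsite's own certificate. The vsite-to-certificate map and the certificate labels are constructed placeholders.

```python
import struct

# Constructed example: a minimal TLS 1.2 ClientHello builder and parser that
# extracts the server_name (SNI) extension, plus the certificate-selection
# rule of a name-based virtual host. Not BlueOnyx or Apache code.

SNI_EXT_TYPE = 0x0000    # TLS extension type "server_name" (RFC 6066)
HOST_NAME_TYPE = 0x00    # NameType host_name inside the SNI extension

# Constructed placeholders standing in for per-Vsite certs and the server default.
VSITE_CERTS = {
    "www.example.org": "cert:www.example.org",
    "shop.example.net": "cert:shop.example.net",
}
DEFAULT_CERT = "cert:server.example.com (default SSL)"


def build_client_hello(server_name=None):
    """Build a minimal TLS 1.2 ClientHello record; add the SNI extension if a name is given."""
    client_version = b"\x03\x03"
    random = b"\x00" * 32            # constructed: real clients send 32 random bytes
    session_id = b"\x00"             # zero-length session id
    cipher_suites = b"\x00\x02" + b"\xc0\x2f"   # one suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    compression = b"\x01\x00"        # one method: null
    body = client_version + random + session_id + cipher_suites + compression
    if server_name is not None:
        name = server_name.encode("ascii")   # SNI carries ASCII host names
        entry = bytes([HOST_NAME_TYPE]) + struct.pack("!H", len(name)) + name
        sni_list = struct.pack("!H", len(entry)) + entry
        extensions = struct.pack("!HH", SNI_EXT_TYPE, len(sni_list)) + sni_list
        body += struct.pack("!H", len(extensions)) + extensions
    # HandshakeType client_hello (1) with a 3-byte length, wrapped in a handshake record (0x16).
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record):
    """Return the host_name from the ClientHello's SNI extension, or None if the client sent none."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                     # skip client_version and random
    pos += 1 + body[pos]                             # session_id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
    pos += 1 + body[pos]                             # compression_methods
    if pos >= len(body):
        return None                                  # no extensions block at all (pre-SNI client)
    end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
        if ext_type != SNI_EXT_TYPE:
            continue
        list_len = struct.unpack("!H", data[0:2])[0]
        lpos = 2
        while lpos < 2 + list_len:
            name_type = data[lpos]
            name_len = struct.unpack("!H", data[lpos + 1:lpos + 3])[0]
            name = data[lpos + 3:lpos + 3 + name_len]
            lpos += 3 + name_len
            if name_type == HOST_NAME_TYPE:
                return name.decode("ascii")
    return None


def select_certificate(record, vsite_certs, default_cert):
    """Pick the cert a name-based vhost presents: the Vsite's cert on an SNI match, else the default."""
    sni = extract_sni(record)
    if sni is None:
        return default_cert
    return vsite_certs.get(sni.lower(), default_cert)


if __name__ == "__main__":
    for name in (None, "www.example.org", "shop.example.net", "unknown.example"):
        hello = build_client_hello(name)
        print(f"client SNI={name!r:20} -> server presents {select_certificate(hello, VSITE_CERTS, DEFAULT_CERT)}")
```

On a live server the same effect can be observed with `openssl s_client -connect host:443 -servername vsite.fqdn` compared with the same command without `-servername`: the first shows the Vsite's certificate, the second the server's default one, which is the "mismatch" a non-SNI diagnostic reports.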
