> In fact, I am sure its a bug. > > I also happen to have the following certs: > *.apps.mycompany.com.au > *.its.apps.mycompany.com.au > > If I go to sitea.its.apps.mycompany.com.au, I get the > *.apps.mycompany.com.au certificate
The workaround in the meantime is to make sure haproxy
loads the more specific (longer) wildcard certificate before
the less specific certificate.
This should make it work until there's a fix for this.
