Your configs look fine, what you are seeing is the certificate that is sent if a client does not support SNI. You can control which certificate is chosen using the default_server parameter on your listen directive.
On Sun, Mar 12, 2017 at 4:54 PM, Fabian A. Santiago < [email protected]> wrote: > Hello nginx world, > > I hope you can help me track down my issue. > > First, I'm running: > > Centos 7.3.1611 > Nginx 1.11.10 > Openssl 1.0.1e-fips > > My issue is I run 11 virtual sites, all listening on both ipv4 & 6, same > two addresses, so obviously I rely on SNI. One site also listens on tor. > > When I check the ssl responses using either ssllabs server test or openssl > s_client, my sites work fine but also serve an extra 2nd cert meant for the > wrong hostname. I'm confused as I see no issue with my config files. > > I've attached a sample of my config files for one site for your perusal. > > You can also check this domain for yourself: > > server1.garbage-juice.com > > Thanks for your help. > > > -- > Thanks. > Fabian S. > _______________________________________________ > nginx mailing list > [email protected] > http://mailman.nginx.org/mailman/listinfo/nginx >
_______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
