Issue with VirtualHost definition order and SNI SSL

Linmiao Xu linmiao.xu at
Fri Oct 9 22:22:29 MSD 2009

When running SSL on more than one virtual host (one IP), I get a weird issue
when virtual hosts are defined in different orders. One virtual host is a
TLD (, and one is an alias I set in /etc/hosts (alias). Both use
their own certificates and work fine when I define them in this order:

include /etc/nginx/vhosts/;
include /etc/nginx/vhosts/ssl_alias.conf;

But when I reverse the order, both hosts try to use (alias)'s certificate,
so I get an ssl warning when trying to connect to (

In both cases, I use "listen 443" and server_name is set as (
and (alias). I don't listen on 443 except in virtual hosts, all with
server_name defined. When I use "listen 443 default ssl" instead of "listen
443" for (, this problem goes away. It looks like nginx takes
the first virtual host that listens on 443 if I try to connect to the server
on a host that isn't listening on 443.

But I still don't understand.. both of the above are valid hosts, so why
does the order in which I include the virtual hosts cause different results?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list