id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
628	nginx serving wrong certificate for another domain?	Lorenzo Raffio		"I have SNI installed and running fine. I have 6 websites hosted on the same VPS, same IP. 5 of them work just fine, every one is serving its correct ssl certificate.
But there's one that even if I'm setting ssl_certificate to the correct crt file related to that domain, is serving the certificate of another domain! (WTF?)

Here's the whole conf file for this domain:

{{{
fastcgi_cache_path			/var/www/blabla.it/cache levels=1:2 keys_zone=blabla.it:100m inactive=60m;

server {

	### MAIN ###

	server_name				.blabla.it;
	index					index.php;
	root					/var/www/blabla.it/htdocs;

	ssl_stapling				on;
	ssl_stapling_verify			on;
	ssl_trusted_certificate			/var/www/blabla.it/ssl/ca-certs.pem;
	ssl_certificate				/var/www/blabla.it/ssl/ssl.crt;
	ssl_certificate_key			/var/www/blabla.it/ssl/ssl.key;
    
	access_log				/var/www/blabla.it/logs/access.log.gz combined gzip;
	error_log				/var/www/blabla.it/logs/error.log;
	
	charset					utf-8;
	
	rewrite					^/sitemap_index\.xml$ /index.php?sitemap=1 last;
	rewrite					^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
 
	location / {
		try_files $uri $uri/ /index.php?$args;
	}

	location ~ \.php$ {
		fastcgi_cache blabla.it;
		fastcgi_cache_valid 200 5m;	
		fastcgi_cache_bypass $no_cache;
		fastcgi_no_cache $no_cache;
	
		try_files $uri =404;
		fastcgi_split_path_info ^(.+\.php)(/.+)$;			
		include fastcgi.conf;
		fastcgi_pass unix:/var/run/php5-fpm.sock;
	}

	
	### CONFIGS ###
	include conf/h5bp.conf;
	include	conf/expires.conf;


	### TRIVIAL ###

	# Deny dot files:
	location ~ /\. {
		deny all;
	}

	# favicon.ico not found
	location = /favicon.ico {
		access_log off;
		log_not_found off;
	}

	# robots.txt not found
	location = /robots.txt { 
		access_log off; 
		log_not_found off; 
	}


	### CACHE ###

	#Cache everything by default
	set $no_cache 0;

	#Don't cache POST requests
	if ($request_method = POST)
	{
	    set $no_cache 1;
	}

	#Don't cache if the URL contains a query string
	if ($query_string != """")
	{
	    set $no_cache 1;
	}

	#Don't cache the following URLs
	if ($request_uri ~* ""(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)"")
	{
	    set $no_cache 1;
	}

	#Don't cache if there is a cookie called PHPSESSID
	if ($http_cookie ~* ""PHPSESSID|comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in"")
	{
	    set $no_cache 1;
	}

}
}}}"	task	closed	minor		nginx-core	1.7.x	invalid	ssl certificate sni			1.7.4