IIS serves wrong SSL Wildcard certificate
Hi folks,
In the last few years, I've started to increasingly encounter a very frustrating problem with IIS serving the wrong wildcard certificate.
Let me elaborate.
The issue exists on a variety of Windows Servers, so it’s not bound to a specific type of Windows Server or IIS.
Windows 2012R2 - IIS8.5
Windows 2016 - IIS10
Windows 2019 - IIS10
When configured from scratch, our config works well. It can work for a few weeks, months or even years and then suddenly it stops working and serves the wrong certificate.
An example of our config:
In IIS we have a site named www.website1.com:
www.websitenumberone.com - 123.123.123.111 - Single domain SSL - SNI enabled
www.websiteaboutpizza.com - 123.123.123.111 - Wildcard SSL - SNI enabled
In IIS we have a site named www.website2.com:
www.websitenumbertwo.com - 123.123.123.111 - Single domain SSL - SNI enabled
Now, the problem is that www.websitenumbertwo.com serves the wildcard SSL certificate from www.websiteaboutpizza.com. The only thing I can do to fix it is remove the wildcard SSL certificate for www.websiteaboutpizza.com from the server.
If I then remove the binding www.websiteaboutpizza.com from www.website1.com and reinstall the wildcard certificate for www.websiteaboutpizza.com, the problem re-emerges instantly (meaning the wildcard gets loaded on www.websitenumbertwo.com). The only side note I have is that the binding www.websiteaboutpizza.com remains in the underlying CMS hostnames (which should not be a problem).
Killing the app pool, restarting IIS and reconfiguring the bindings have no effect; only removing the wildcard helps, which obviously is not a suitable option.
Nowhere on the web have I found a similar issue.
I hope anyone can give me some fresh insights.
Thanks in advance!
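A client-side check of what the server actually presents per SNI name, added here as an example and not part of the original post. It connects to one IP once per hostname (sending that name in the TLS ClientHello) and once with no SNI at all, so the fallback certificate HTTP.sys picks when no name matches is visible next to the per-name results; the wildcard-vs-hostname matching is done locally with single-leftmost-label rules. The IP, hostnames and port are placeholders taken from the post; the server, CA file and the `classify` labels are assumptions of this example.

```python
"""Probe which certificate a TLS server presents for each SNI name.

Example code written for this thread, not taken from the post or from IIS.
Usage against a real host:  print(probe("123.123.123.111", HOSTNAMES))
"""
import socket
import ssl
from typing import Dict, Iterable, List, Optional

# Placeholder names from the post (constructed sample input).
HOSTNAMES = [
    "www.websitenumberone.com",
    "www.websiteaboutpizza.com",
    "www.websitenumbertwo.com",
]


def san_names(cert: dict) -> List[str]:
    """DNS names from the dict returned by SSLSocket.getpeercert().

    Falls back to the subject CN only when the certificate carries no SAN.
    """
    names = [v for (t, v) in cert.get("subjectAltName", ()) if t == "DNS"]
    if not names:
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    names.append(value)
    return names


def hostname_matches(hostname: str, names: Iterable[str]) -> bool:
    """Match as a browser would: exact name, or a wildcard in the leftmost
    label only. '*.example.com' covers 'www.example.com' but neither
    'example.com' nor 'a.b.example.com'."""
    host = hostname.lower().rstrip(".")
    host_labels = host.split(".")
    for name in names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        labels = name.split(".")
        if (labels[0] == "*" and len(labels) >= 3            # no '*.com'
                and len(labels) == len(host_labels)
                and labels[1:] == host_labels[1:]):
            return True
    return False


def classify(hostname: str, names: List[str]) -> str:
    """Labels used by this example (an assumption, not an IIS term)."""
    if hostname in (n.lower() for n in names):
        return "exact"
    if hostname_matches(hostname, names):
        return "wildcard"
    return "MISMATCH"   # the symptom from the post: wrong cert for this name


def served_cert(ip: str, sni: Optional[str], port: int = 443,
                cafile: Optional[str] = None, timeout: float = 5.0) -> dict:
    """Return the leaf certificate the server presents for this SNI value."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False            # we judge the name ourselves below
    ctx.verify_mode = ssl.CERT_REQUIRED   # CERT_NONE would make getpeercert() return {}
    if cafile:
        ctx.load_verify_locations(cafile)  # needed for a private/internal CA
    else:
        ctx.load_default_certs()
    with socket.create_connection((ip, port), timeout=timeout) as sock:
        # server_hostname=None sends no SNI extension at all.
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:
            return tls.getpeercert()


def probe(ip: str, hostnames: Iterable[str], port: int = 443,
          cafile: Optional[str] = None) -> Dict[str, dict]:
    """One row per hostname plus a '(no SNI)' row showing the fallback cert."""
    report: Dict[str, dict] = {}
    for host in list(hostnames) + [None]:
        key = host or "(no SNI)"
        try:
            names = san_names(served_cert(ip, host, port, cafile))
            verdict = classify(host.lower(), names) if host else "fallback"
            report[key] = {"names": names, "verdict": verdict}
        except (OSError, ssl.SSLError) as exc:
            report[key] = {"names": [], "verdict": "ERROR: %s" % exc}
    return report
```

Run `probe` against the server's IP right after a working deployment and again when the fault appears; a row whose `verdict` is `MISMATCH` while its `names` show `*.websiteaboutpizza.com` is the post's symptom captured on the wire, and the `(no SNI)` row tells you which certificate the server hands to clients that never sent a name.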