I’m using HAProxy in pfSense on a Netgate device. I’ve configured it to host two domains - let’s call them xone.com and xtwo.com. I’ve generated wildcard certs for both, each of which covers <domain>.com and www.<domain>.com.
I’ve set up a frontend to handle HTTPS with the xone.com cert as the certificate and xtwo.com as an additional certificate.
I’ve set up two shared frontends - one for each domain. They are configured pretty much identically except that each has its relevant certificate.
And it’s working - nearly.
xone.com is working fine. I can visit xone.com and any of the configured subdomains, such as www.xone.com.
But xtwo.com is behaving in a way I don’t understand. I can get to www.xtwo.com, but trying to go to xtwo.com (i.e., without a subdomain) results in a cert error. The logs show:
SSL handshake failure (error:0A000412:SSL routines::sslv3 alert bad certificate)
Like I say, I set up the certs in the same way for both domains, so I’m confused why I’m getting different behaviours.
Any thoughts about where I can look next?
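An added example to go with the question (editor's code, not part of the original post or of HAProxy/pfSense). Two facts frame the check: HAProxy picks the certificate to present by matching the client's SNI name against the names in the loaded certificates, falling back to the frontend's first (default) certificate when nothing matches; and a wildcard entry such as *.xtwo.com covers www.xtwo.com but not the bare xtwo.com, which needs its own SAN entry. A "bad certificate" alert is the client telling the server it rejected what was presented. The script below implements that name-matching rule so you can see how a given SAN list is judged against a hostname, and wraps the openssl s_client command to fetch the SANs the frontend actually serves for a chosen SNI name. The hostnames come from the post; the SAN lists in the demo are constructed stand-ins, and 203.0.113.10 in the usage comment is a placeholder address.

```shell
#!/bin/sh
# Added example: does a certificate's subjectAltName list cover a hostname,
# and which SANs does the live frontend present for a given SNI name?

# Hostname-matching rule used by browsers (RFC 6125 style): exact match, or a
# wildcard in the leftmost label only. "*.xtwo.com" matches "www.xtwo.com",
# but not "xtwo.com" (no label to match) and not "a.b.xtwo.com" (two labels).
name_matches() {
    pat=$1; h=$2
    case $pat in
        '*.'*)
            suffix=${pat#\*.}
            case $h in
                *."$suffix")
                    prefix=${h%."$suffix"}
                    case $prefix in
                        ''|*.*) return 1 ;;   # empty or multi-label prefix
                        *)      return 0 ;;
                    esac ;;
                *) return 1 ;;
            esac ;;
        *)
            [ "$pat" = "$h" ] ;;
    esac
}

# $1: SAN text as printed by `openssl x509 -noout -ext subjectAltName`,
#     e.g. "DNS:*.xtwo.com, DNS:xtwo.com"; $2: hostname to check.
# Returns 0 if any DNS entry covers the host, 1 otherwise.
san_covers_host() {
    rest=$1; target=$2
    while [ -n "$rest" ]; do
        case $rest in
            *,*) entry=${rest%%,*}; rest=${rest#*,} ;;
            *)   entry=$rest; rest= ;;
        esac
        entry=$(printf '%s' "$entry" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
        case $entry in
            DNS:*) if name_matches "${entry#DNS:}" "$target"; then return 0; fi ;;
        esac
    done
    return 1
}

# Live check (needs network): print the SANs of the certificate the frontend
# presents when the client sends the given SNI name. Run it for the bare name
# and the www name, and once more with the SNI name left empty to see the
# frontend's default certificate. Usage: served_sans 203.0.113.10 xtwo.com
served_sans() {
    if [ -n "$2" ]; then sni="-servername $2"; else sni=""; fi
    # shellcheck disable=SC2086  # $sni is intentionally word-split
    printf '' | openssl s_client -connect "$1:443" $sni 2>/dev/null |
        openssl x509 -noout -subject -ext subjectAltName
}

# Constructed SAN lists standing in for what the two certificates might carry.
SAN_WILDCARD_ONLY='DNS:*.xtwo.com'
SAN_WILDCARD_AND_APEX='DNS:*.xtwo.com, DNS:xtwo.com'

if [ $# -ge 1 ]; then
    # ./check.sh <frontend-ip-or-host> [sni-name]
    served_sans "$1" "$2"
else
    for host in xtwo.com www.xtwo.com a.b.xtwo.com; do
        for san in "$SAN_WILDCARD_ONLY" "$SAN_WILDCARD_AND_APEX"; do
            if san_covers_host "$san" "$host"; then r=covered; else r="NOT covered"; fi
            printf '%-14s by [%s]: %s\n' "$host" "$san" "$r"
        done
    done
fi
```

Run it with the frontend's address and `xtwo.com`, then again with `www.xtwo.com`, and compare the subject and SAN output: if the two differ, or the bare name comes back with the xone.com certificate, the xtwo.com certificate HAProxy loaded does not carry an entry for the bare name and SNI selection is falling through to the default. Running `openssl x509 -noout -ext subjectAltName -in <file>` on the xtwo.com cert file itself separates "the cert lacks the name" from "HAProxy is not selecting the cert".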