Issue with binding to SSL hosts on the same server

Hi!

I have a server hosting two environments (test and stage). Both environments are only available over HTTPS having two separate certificates from Let’s Encrypt (for specific domains test.mydomain.com and stage.mydomain.com).
The sites are separate IIS websites, with a single binding each, configured through Octopus.

Certificate thumbprints are configured through environment variables and bound with ‘Deploy application’ step.

Everything works just fine except deploying ‘test’ overrides certificate for ‘stage’ and vice versa (the binding itself stays correct, only certificate from another web-site is applied). The logfile warns about binding for the same ip/port but I’m not really sure what’s the problem, actually, since configuring the same bindings manually works just fine:

Making sure a Website “MySite-test” is configured in IIS…
October 18th 2018 19:21:43Info
Finding SSL certificate with thumbprint 83ce4f0516e8afb03e838b6425396c1c82133468
October 18th 2018 19:21:43Info
Found certificate: CN=test.mydomain.com in: WebHosting
October 18th 2018 19:21:44Info
A different binding exists for the IP/port combination, replacing…
October 18th 2018 19:21:44Info
SSL Certificate successfully deleted
October 18th 2018 19:21:44Info
SSL Certificate successfully added
October 18th 2018 19:21:44Info
Application pool “MySite-test” already exists
October 18th 2018 19:21:44Info
Set application pool identity: ApplicationPoolIdentity
October 18th 2018 19:21:45Info
Set .NET framework version: v4.0
October 18th 2018 19:21:46Info
Site “MySite-test” already exists
October 18th 2018 19:21:46Info
Application pool “MySite-test” already assigned to “IIS:\Sites\MySite-test”
October 18th 2018 19:21:46Info
Setting physical path of IIS:\Sites\MySite-test to D:\Octopus\Applications\test\MyCompany.MySite\2.0.43_1
October 18th 2018 19:21:46Info
Comparing existing IIS bindings with configured bindings…
October 18th 2018 19:21:46Info
Looks OK
October 18th 2018 19:21:46Info
Bindings are as configured. No changes required.

Any suggestions on what I am doing wrong?
Thanks in advance

Hello,

Thanks for getting in touch. Sorry to hear it’s not working as expected. We’re not sure how to do that action manually. Could you please share some details of how you configured it manually so we can investigate?

By the sounds of it, it may be a feature of IIS we don’t currently support in Octopus, so if you could share more details/screenshots of what works we can investigate further.

Regards,
Nick

Well, I go and manually assign proper bindings. In fact, bindings are correct except they are assigned the same SSL certificate.

The bindings are configured like this:

Default web site:
http port 80

Test
https test.mydomain.com port 443

Stage
https stage.mydomain.com port 443

The server has two separate certificates for domains test.mydomain.com and stage.mydomain.com

Looking into the logs, Octopus uses the correct thumbprints per environment.

To me it looks like a side effect of re-adding SSL bindings, but I'm not really sure what could be wrong there.

Found the solution. It turned out that even if two SSL sites on the same IP do in fact work, the ‘Require Server Name Indication’ checkbox must be set when adding an SSL binding. Setting the corresponding checkbox in Octopus solved the problem.
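
The failure mode resolved above, as an added example that is not part of the original posts or of Octopus: a PowerShell audit that flags HTTPS bindings on different sites sharing one IP:port without ‘Require Server Name Indication’, so each deployment overwrites the other's certificate. The function name, record shape, the site name MySite-stage and the thumbprint placeholders are assumptions constructed for illustration.

```powershell
# Added example: find HTTPS bindings that share one IP:port certificate slot.
# sslFlags bit 1 = "Require Server Name Indication". Without it the certificate
# is keyed by IP:port only, so the last site deployed wins for every host name.
function Find-SharedCertSlot {
    param([Parameter(Mandatory)][object[]]$Bindings)

    $Bindings |
        Where-Object { $_.Protocol -eq 'https' -and -not ($_.SslFlags -band 1) } |
        ForEach-Object {
            # bindingInformation is "IP:port:hostname"; IPv6 literals are bracketed.
            if ($_.BindingInformation -match '^(?<ip>\[[^\]]+\]|[^:]*):(?<port>\d+):(?<host>.*)$') {
                [pscustomobject]@{
                    Slot       = '{0}:{1}' -f $Matches.ip, $Matches.port
                    Site       = $_.Site
                    HostName   = $Matches.host
                    Thumbprint = $_.CertificateHash
                }
            }
        } |
        Group-Object Slot |
        # Only a slot used by more than one site can have its certificate swapped.
        Where-Object { @($_.Group.Site | Sort-Object -Unique).Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                Slot   = $_.Name
                Sites  = ($_.Group.Site | Sort-Object -Unique) -join ', '
                Hosts  = ($_.Group.HostName | Sort-Object -Unique) -join ', '
                Advice = 'Enable "Require Server Name Indication" on each binding'
            }
        }
}

# Constructed sample mirroring the thread: two sites on *:443 with SNI not set.
$sample = @(
    [pscustomobject]@{ Site = 'MySite-test'; Protocol = 'https'; SslFlags = 0
        BindingInformation = '*:443:test.mydomain.com'; CertificateHash = '<test-thumbprint>' }
    [pscustomobject]@{ Site = 'MySite-stage'; Protocol = 'https'; SslFlags = 0
        BindingInformation = '*:443:stage.mydomain.com'; CertificateHash = '<stage-thumbprint>' }
    [pscustomobject]@{ Site = 'Default Web Site'; Protocol = 'http'; SslFlags = 0
        BindingInformation = '*:80:'; CertificateHash = '' }
)

# Reports slot *:443 shared by MySite-stage and MySite-test.
Find-SharedCertSlot -Bindings $sample | Format-List
```

On a live IIS host the same records can be built from the binding collections returned by `Get-Website` in the WebAdministration module. Setting `SslFlags` to 1 on both sample bindings makes the report empty.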

Good to hear! Thanks for letting us know.

I was debugging the code looking for a bug.
