Hosting multiple SSL certificates on a single IP address with SNI


  • Applies to: Grid
    • Difficulty: Easy
    • Time Needed: 10
    • Tools Required: AccountCenter access
  • Applies to: DV 4.0
    • Difficulty: Easy
    • Time Needed: 10
    • Tools Required: Plesk administrator access
  • Applies to: DV
    • Difficulty: Easy
    • Time Needed: 10
    • Tools Required: Plesk administrator access

Overview

All of our hosting services support the Server Name Indication (SNI) extension to the Transport Layer Security protocol. This makes it possible for Apache to use authentic SSL certificates for sites hosted on shared IP addresses. SNI helps to efficiently use IPv4 resources and provides the following benefits:

  • You can run any number of SSL sites with independent certificates on a single IPv4 address.
  • You can install independent SSL certificates on each of your sites. Now, there is no need to create another subscription. Each subscription can install an SSL certificate even if there is only one shared IP address on the whole server.

Supported Browsers

SSL support with SNI on shared IP addresses requires that the user's browser supports SNI. Most modern web browsers support it (e.g., IE 7 and above, Firefox, Opera, and Chrome). However, there are a few outlier exceptions:

  • Any Internet Explorer browser on Windows XP
  • Chrome 5 and older on Windows XP
  • Blackberry web browser
  • Windows Mobile phones up to version 6.5
  • Android mobile phone default browser on Android OS 2.x

Most of these exceptions are found when the end-user is running software that is incredibly out of date. To learn more about SNI and client software that supports it, refer to http://en.wikipedia.org/wiki/Server_Name_Indication.

SNI on the Grid

SNI has been enabled on the Grid since September of 2013. This allows for multiple SSL certificates to be installed to a single Grid hosting service via each domain's Control Panel in the AccountCenter. For more information, please see our article on Installing an SSL Certificate.

SNI on the DV server

SNI is enabled by default on all DV servers. Multiple SSL certificates can be hosted on the same IP address by installing them through the "Websites & Domains" tool in the Plesk control panel. For more information, please see our article on Installing an SSL Certificate.

Enabling SNI via Plesk

Power User Mode

  1. Click on the "Server" tab.
  2. Scroll down and choose the "Updates and Upgrades" link.
    SNI installation - Power User mode
  3. Click the "Add Components" button.
    SNI installation - Step 3
  4. Under "Plesk hosting features," choose "Apache web server with SNI support" and then press the continue button.
    SNI installation - Step 4
  5. Plesk will update with the new Apache version, install any new micro updates to itself, and will present a green success box when the installation is finished.
    SNI installation - Step 5a
    SNI installation - Step 5b

Service Provider Mode


  1. Click on the "Tools & Settings" button.
  2. Choose the "Updates and Upgrades" link.
    SNI installation - Reseller mode
  3. Click the "Add Components" button.
    SNI installation - Step 3
  4. Under "Plesk hosting features," choose "Apache web server with SNI support" and then press the continue button.
    SNI installation - Step 4
  5. Plesk will update with the new Apache version, install any new micro updates to itself, and will present a green success box when the installation is finished.
    SNI installation - Step 5a
    SNI installation - Step 5b

Enabling SNI via SSH

If you would rather enable Apache SNI via SSH, this can also be done. Ensure you are logged into the server as the ‘root’ SSH user, and run the following command:

/usr/local/psa/admin/sbin/autoinstaller --source http://mirrors.mtsvc.net/autoinstall/ --select-product-id plesk --select-release-current --install-component apache-sni

This command will install Apache SNI support, and also ensure your Plesk control panel has the latest updates applied.