Correct way to install multiple SSL certs on one account

[kwdamp]

Have a dedicated server and we have setup an account with a dedicated IP address. There will be 3 domain names pointing to this account. Right now I have all setup as additional domains in cpanel on the account. That aspect works as expected, all just point to the same files.

However, when I tried to install a second SSL certificate on the account (for one of the other two domains we would like accessible), it installed the new SSL in place of the original, instead of in addition to.

Obviously in this day and age every domain needs an SSL cert if users will be visiting a site via that domain. So what is the simplest way to accomplish this? (We own the server and all accounts, so no issues with permissions or anything like that.)

 

[ffeingol]

Are they add-on domains or aliases? From what you are describing it sounds like aliases and in that case you'd need a SAN cert.

Why just not use the free cPanel provided or Let's Encrypt certs and it should just be "handled"?

 

[kwdamp]

Are they add-on domains or aliases? From what you are describing it sounds like aliases and in that case you'd need a SAN cert.

Why just not use the free cPanel provided or Let's Encrypt certs and it should just be "handled"?

I could set them up as either add-on domains or aliases I guess. Which would be easier to get working? Not interested in paying for a SAN certificate, but I didn't think it was necessary.

I might play around with the cpanel / self-signed certificates, but we get free access to globalsign certs with our dedicated server contract so there's no overhead to installing multiple certificates.

 

[ffeingol]

There is literally no effort (other than setting it up) to use cPanel's AutoSSL: Manage AutoSSL | cPanel & WHM Documentation These are valid/signed certs. The default is the cPanel issued in (by Sectigo) but you can also use Let's Encrypt.

With add-on domains you should be able to install multiple certs, as they have different entries in the Apache config. For aliases, they would have to be a SAN cert, as it's one single entry in the Apache config for the main + aliased sites.