How do I setup multiple subdomains with their own certificate using nginx?

listen 443 ssl default_server;
listen [::]:443 ssl;

The first line enables listening on port 443 on IPv4. The second line covers IPv6 only. Since you have only a single listen 443 (IPv4) configuration it is the one which gets used if you connect with IPv4. If you would try to connect with IPv6 instead SNI should show the expected behavior.

Instead you might probably use for the default server:

  listen 443 ssl default_server;
  listen [::]:443 ssl default_server;

And for the other server

  listen 443 ssl;
  listen [::]:443 ssl;

It apparently has something to do with the IPv6 listen syntax. When I change

listen [::]:443 ssl;

to

listen 443 ssl;

Then it works.

I don't know why this is and would welcome other answers with more/better explanation.

Tags:

Nginx

Ssl

Sni