Google warning self signed certificate

It can happen that you receive an e-mail message from Google about using an self-signed certificate on your site. The content should be similar to this:

 Self signed SSL/TLS certificate for https://www.xolphin.com
 
 To: Webmaster of https://www.xolphin.com
 
 Google has detected that the SSL/TLS certificate used on https://www.xolphin.com is self-signed, which means that it was issued by your server rather than by a Certificate Authority. Because only Certificate Authorities are considered trusted sources for SSL/TLS certificates, your certificate cannot be trusted by most of the browsers. In addition, a self-signed certificate means that your content is not authenticated, it can be modified, and your user’s data or browsing behavior can be intercepted by a third-party. As a result, many web browsers will block users by displaying a security warning message when your site is accessed. This is done to protect users’ browsing behavior from being intercepted by a third party, which can happen on sites that are not secure.
 Recommended Action:
 
 Get a new certificate
 
 To correct this problem, you need to get a new, dedicated SSL/TLS certificate from a trusted Certificate Authority (CA). This certificate must match your complete site URL, or be a wildcard certificate that can be used for multiple subdomains on a domain.

Google advises here to order an new certificate, while your certificate was just installed correctly. Our experience is that the Google bot that indexes your site has no support for SNI. This results in the Google bot seeing the default server certificate on the server, when there are multiple certificates configured on the same IP address. Check via the excellent SSL Labs test wether SNI is being used on your webserver.

SSLCheck

Our SSLCheck will examine your website's root and intermediate certificates for correctness and report any potential issues