diff --git a/plugins/nginx-vhosts/commands b/plugins/nginx-vhosts/commands
index 099b38cf4..3ec06faa5 100755
--- a/plugins/nginx-vhosts/commands
+++ b/plugins/nginx-vhosts/commands
@@ -51,10 +51,14 @@ EOF
 SSL_HOSTNAME=$(openssl x509 -in $SSL_INUSE/server.crt -noout -subject | tr '/' '\n' | grep CN= | cut -c4-)
 SSL_HOSTNAME=$(echo "$SSL_HOSTNAME" | sed 's|\.|\\.|g' | sed 's/\*/\.\*/g')
- [[ -z "$(egrep ^"$SSL_HOSTNAME"$ $VHOST_PATH)" ]] && echo "$SSL_HOSTNAME" | sed 's/\\./\./g' >> $VHOST_PATH
- SSL_VHOSTS=$(egrep ^"$SSL_HOSTNAME"$ $VHOST_PATH || exit 0)
- NONSSL_VHOSTS=$(egrep -v ^"$SSL_HOSTNAME"$ $VHOST_PATH || exit 0)
+
+ SSL_HOSTNAME_ALT=$(openssl x509 -in $SSL_INUSE/server.crt -noout -text | grep --after-context=1 '509v3 Subject Alternative Name:' | tail -n 1 | sed -e "s/[[:space:]]*DNS://g" | tr ',' '\n' || true)
+ SSL_HOSTNAME_ALT=$(echo "$SSL_HOSTNAME_ALT" | sed 's|\.|\\.|g' | sed 's/\*/\.\*/g')
+ [[ -z "$(egrep ^"$SSL_HOSTNAME_ALT"$ $VHOST_PATH)" ]] && echo "$SSL_HOSTNAME_ALT" | sed 's/\\./\./g' >> $VHOST_PATH
+
+ SSL_VHOSTS=$(egrep "^${SSL_HOSTNAME}$|^${SSL_HOSTNAME_ALT}$" $VHOST_PATH || exit 0)
+ NONSSL_VHOSTS=$(egrep -v "^${SSL_HOSTNAME}$|^${SSL_HOSTNAME_ALT}$" $VHOST_PATH || exit 0)
 while read line; do
 echo "-----> Configuring SSL for $line..."
diff --git a/tests/unit/nginx-vhosts.bats b/tests/unit/nginx-vhosts.bats
index bd1b1f285..0c6f09db1 100644
--- a/tests/unit/nginx-vhosts.bats
+++ b/tests/unit/nginx-vhosts.bats
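Review bot: In `plugins/nginx-vhosts/commands`, `SSL_HOSTNAME_ALT` holds one SAN per line after `tr ',' '\n'`, so in `egrep "^${SSL_HOSTNAME}$|^${SSL_HOSTNAME_ALT}$"` grep reads each line as a separate pattern and only the first and last SAN carry an anchor. Every SAN in between matches as an unanchored substring, which can place vhosts the certificate does not cover into `SSL_VHOSTS`. When the certificate has no SAN extension the variable is empty, the alternative degrades to `^$`, and the `[[ -z ... ]] && echo` line appends a blank entry to `$VHOST_PATH`. Building one anchored alternative per non-empty SAN, as sketched below, avoids both; the `sed` also leaves non-DNS SAN entries such as `IP Address:` in place, which probably should be filtered out. The enclosing block and the `while read line` loop continue outside the hunk.

```shell
# … unchanged: SSL_HOSTNAME and SSL_HOSTNAME_ALT extraction and escaping …
SSL_PATTERN="^${SSL_HOSTNAME}$"
while read -r san; do
  [[ -n "$san" ]] || continue
  SSL_PATTERN="${SSL_PATTERN}|^${san}$"
  if ! egrep -q "^${san}$" "$VHOST_PATH"; then
    echo "$san" | sed 's/\\./\./g' >> "$VHOST_PATH"
  fi
done <<< "$SSL_HOSTNAME_ALT"

SSL_VHOSTS=$(egrep "$SSL_PATTERN" "$VHOST_PATH" || exit 0)
NONSSL_VHOSTS=$(egrep -v "$SSL_PATTERN" "$VHOST_PATH" || exit 0)
```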
@@ -25,10 +25,39 @@ teardown() {
 @test "nginx:build-config (with SSL CN mismatch)" {
 setup_test_tls
 deploy_app
- run /bin/bash -c "dokku domains $TEST_APP | grep node-js-app.dokku.me"
+ run /bin/bash -c "dokku domains $TEST_APP | egrep ^node-js-app\.dokku\.me$"
 echo "output: "$output
 echo "status: "$status
 assert_output "node-js-app.dokku.me"
+ run bash -c "response=\"$(curl -LkSs node-js-app.dokku.me)\"; echo \$response; test \"\$response\" == \"nodejs/express\""
+ echo "output: "$output
+ echo "status: "$status
+ assert_success
+}
+
+@test "nginx:build-config (with SSL and Multiple SANs)" {
+ setup_test_tls_with_sans
+ deploy_app
+ run /bin/bash -c "dokku domains $TEST_APP | egrep ^test\.dokku\.me$"
+ echo "output: "$output
+ echo "status: "$status
+ assert_output "test.dokku.me"
+ run /bin/bash -c "dokku domains $TEST_APP | grep ^www\.test\.dokku\.me$"
+ echo "output: "$output
+ echo "status: "$status
+ assert_output "www.test.dokku.me"
+ run bash -c "response=\"$(curl -LkSs test.dokku.me)\"; echo \$response; test \"\$response\" == \"nodejs/express\""
+ echo "output: "$output
+ echo "status: "$status
+ assert_success
+ run bash -c "response=\"$(curl -LkSs www.test.dokku.me)\"; echo \$response; test \"\$response\" == \"nodejs/express\""
+ echo "output: "$output
+ echo "status: "$status
+ assert_success
+ run bash -c "response=\"$(curl -LkSs www.test.app.dokku.me)\"; echo \$response; test \"\$response\" == \"nodejs/express\""
+ echo "output: "$output
+ echo "status: "$status
+ assert_success
 }
 @test "nginx:build-config (no global VHOST and domains:add)" {
diff --git a/tests/unit/server_ssl_sans.tar b/tests/unit/server_ssl_sans.tar
new file mode 100644
index 000000000..ae50b7a9a
Binary files /dev/null and b/tests/unit/server_ssl_sans.tar differ
diff --git a/tests/unit/test_helper.bash b/tests/unit/test_helper.bash
index 763574a8c..37db58b5c 100644
--- a/tests/unit/test_helper.bash
+++ b/tests/unit/test_helper.bash
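Review bot: The new `curl -LkSs <host>` checks in `tests/unit/nginx-vhosts.bats` pass `-k`, so the certificate is never validated, and they request the bare hostname rather than an `https://` URL. The "Multiple SANs" test would therefore still pass if nginx presented a certificate that does not list the requested name, or if the response came back over plain HTTP. To exercise the SAN handling, request `https://test.dokku.me` explicitly and verify against the fixture's issuer, e.g. `curl -LSs --cacert <path-to-test-ca.crt> https://test.dokku.me`, where the CA path is a placeholder. Separately, `www.test.app.dokku.me` is fetched but has no matching `dokku domains` assertion, and the second domains check uses `grep` where the others use `egrep`.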
@@ -109,3 +109,10 @@ setup_test_tls() {
 tar xf $BATS_TEST_DIRNAME/server_ssl.tar -C $TLS
 sudo chown -R dokku:dokku $TLS
 }
+
+setup_test_tls_with_sans() {
+ TLS="/home/dokku/$TEST_APP/tls"
+ mkdir -p $TLS
+ tar xf $BATS_TEST_DIRNAME/server_ssl_sans.tar -C $TLS
+ sudo chown -R dokku:dokku $TLS
+}
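Review bot: `setup_test_tls_with_sans` in `tests/unit/test_helper.bash` appears to repeat `setup_test_tls` with only the archive name changed, and it leaves `$TLS` and `$BATS_TEST_DIRNAME` unquoted, so a path containing spaces would split. The start of `setup_test_tls` is outside the hunk, so the duplication is inferred from its visible tail. Consider one helper that takes the archive name, with quoted expansions such as `tar xf "$BATS_TEST_DIRNAME/${1:-server_ssl.tar}" -C "$TLS"`. If `server_ssl_sans.tar` contains a private key, as the TLS layout suggests, a comment such as `# test-only key material, published in the repo; never deploy` would make that explicit.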