diff --git a/internal/gatewayapi/listener.go b/internal/gatewayapi/listener.go
index 9b7c3c8b9d..a48cbcf6e7 100644
--- a/internal/gatewayapi/listener.go
+++ b/internal/gatewayapi/listener.go
@@ -408,10 +408,17 @@ func isOverlappingHostname(hostname1, hostname2 *gwapiv1.Hostname) bool {
 if hostname1 == nil || hostname2 == nil {
 return true
 }
+ domain1 := strings.Replace(string(*hostname1), "*.", "", 1)
+ domain2 := strings.Replace(string(*hostname2), "*.", "", 1)
+ return isSubdomain(domain1, domain2) || isSubdomain(domain2, domain1)
+}
 
- h1 := strings.Replace(string(*hostname1), "*.", "", 1)
- h2 := strings.Replace(string(*hostname2), "*.", "", 1)
- return strings.HasSuffix(h1, h2) || strings.HasSuffix(h2, h1)
+// isSubdomain checks if subDomain is a sub-domain of domain
+func isSubdomain(subDomain, domain string) bool {
+ if subDomain == domain {
+ return true
+ }
+ return strings.HasSuffix(subDomain, fmt.Sprintf(".%s", domain))
 }
 
 func buildListenerMetadata(listener *ListenerContext, gateway *GatewayContext) *ir.ResourceMetadata {
diff --git a/internal/gatewayapi/listener_test.go b/internal/gatewayapi/listener_test.go
index 9c16fa6500..293ded7f1b 100644
--- a/internal/gatewayapi/listener_test.go
+++ b/internal/gatewayapi/listener_test.go
@@ -174,6 +174,12 @@ func TestIsOverlappingHostname(t *testing.T) {
 hostname2: ptr.To(gwapiv1.Hostname("*.test.com")),
 want: false,
 },
+ {
+ name: "different sub domains of same domain",
+ hostname1: ptr.To(gwapiv1.Hostname("api.foo.dev")),
+ hostname2: ptr.To(gwapiv1.Hostname("testing-api.foo.dev")),
+ want: false,
+ },
 }
 
 for _, tt := range tests {
diff --git a/release-notes/current.yaml b/release-notes/current.yaml
index 431d6df99c..26bab493fc 100644
--- a/release-notes/current.yaml
+++ b/release-notes/current.yaml
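Review bot: The wildcard is stripped with `strings.Replace(string(*hostname1), "*.", "", 1)`, which removes the first `*.` wherever it occurs rather than only a leading wildcard label, and the exact/suffix comparison in isSubdomain is byte-for-byte case-sensitive; both are presumably safe only because Gateway API validation restricts Hostname to a lowercase form with the wildcard as the first label, an invariant this code relies on without saying so. `strings.TrimPrefix(string(*hostname1), "*.")` (and the same for hostname2) states the intent and cannot mangle a value that slips past validation, and `return strings.HasSuffix(subDomain, "."+domain)` drops the fmt.Sprintf on what the release note describes as the certificate-SAN overlap detection path. The helper's doc comment should also say it returns true on equality, e.g. `// isSubdomain reports whether subDomain equals domain or is a sub-domain of it on a label boundary; callers must pass lowercase names with any leading "*." already removed.` isOverlappingHostname's signature appears only in the hunk header context, so the function starts outside the hunk.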
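Review bot: The added table row pins only the non-wildcard label-boundary case, while the same fix also changes how a wildcard hostname is compared and no visible row exercises that side of it. A mirrored pair such as `hostname1: ptr.To(gwapiv1.Hostname("*.foo.dev")), hostname2: ptr.To(gwapiv1.Hostname("testing-foo.dev")), want: false` and `hostname1: ptr.To(gwapiv1.Hostname("*.foo.dev")), hostname2: ptr.To(gwapiv1.Hostname("api.bar.foo.dev")), want: true` would pin that a wildcard still covers any depth of sub-label but not a hostname that merely ends in the same characters; rows above the hunk are not visible here and may already cover some of this. The tests table and TestIsOverlappingHostname itself start outside the hunk.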
@@ -31,6 +31,7 @@ bug fixes: |
 Keep ALPN configuration for listeners with overlapping certificates when ALPN is explicitly set in ClientTrafficPolicy.
 Fixed issue that switch on wrong SubjectAltNameType enum value in BackendTLSPolicy.
 Fixed issue that BackendTLSPolicy should not reference ConfigMap or Secret across namespace.
+ Fixed bug in certificate SANs overlap detection in listeners.
 
 # Enhancements that improve performance.
 performance improvements: |