No SNI support on multisite installation

Thomas Ward teward at thomas-ward.net
Fri Mar 15 18:04:56 UTC 2024


If you only have one IP, then you cannot fix this.  SNI is what determines which certificate to serve for the request.  The only solution would be individual IPs for each domain, thus not needing SNI to get the correct cert for each domain.



Sent from my Galaxy



-------- Original message --------
From: Saint Michael <venefax at gmail.com>
Date: 3/11/24 02:34 (GMT-05:00)
To: nginx at nginx.org
Subject: No SNI support on multisite installation

I have an openresty server, latest, compiled with http_ssl. So I have
5 websites on the same IP, each one with a server block, a listen
statement XXXX:443 SSL; and its own server_name but when I test any of
the certificates (example https:// 3y3. us), the online analyzer
https://www.ssllabs.com/ssltest/ says that there is no SNI support,
"This site works only in browsers with SNI support."
" Certificate #2: RSA 2048 bits (SHA256withRSA) No SNI
Server Key and Certificate #1
Subjectssnode1.minixel.com
Fingerprint SHA256:
2c43df752c9f32a0b9072c9918c7f4064f215a75f321a3eed54f3ea53d377291
Pin SHA256: 0EYY9GZfp68L6vPN7Y0wSjXldFNAUDJBnJ3zFl+KhXs=Common
namesssnode1.minixel.comAlternative namesssnode1.minixel.com
MISMATCH.
Revocation status Good (not revoked)
Trusted No   NOT TRUSTED
Mozilla  Apple  Android  Java  Windows

so how do I avoid this issue? Is there anything missing in my
configuration? I need to use the same IP for every website.
_______________________________________________
nginx mailing list
nginx at nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20240315/5e9ebb87/attachment.htm>


More information about the nginx mailing list