Https without SNI

Alex-r · June 5, 2017, 9:56am

Hello.
I need to ssl worked without SNI mode. You can make ssl worked without SNI? If you can, then please do. the website https://belnos.ru
Thank you!

danb35 · June 5, 2017, 10:02am

SNI has nothing to do with the Certificate Authority or the certificate they issue; it’s all a matter of your web server and its configuration. This question has nothing at all to do with Let’s Encrypt.

ahaw021 · June 5, 2017, 12:48pm

hi @Alex-r

I do not understand - your webserver supports SNI

Also if you are talking about the TLS-SNI validation method. The SNI component is mandated by the standard.

https://tools.ietf.org/html/draft-ietf-acme-acme-01#section-7.3

Andrei

Osiris · June 5, 2017, 1:01pm

Perhaps some clients don't.

For SSL to work without SNI, you would have to have multiple IP addresses to server multiple certificates. If you just have a single certificate for just one site, there shouldn't be any configuration needed at all. If you do have multiple IP addresses, just make sure every <VirtualHost> directive is using a different IP address. Also, the corresponding hostname for that <VirtualHost> should point to that IP address, but that's obvious, I hope.

If you don't have multiple IP addresses and you DO need multiple certificates to work without SNI: that isn't possible.

rg305 · June 6, 2017, 5:11am

Can you show the conf file?
Maybe we could better understand your situation and your goal.

tdelmas · June 6, 2017, 8:45am

To ensure your server works with clients without SNI support, the default domain of your server must answer a certificate that cover all domains managed by that server.

Let’s Encrypt allows you to create certificates that contains up to 100 domains (but no wildcard).

rg305 · June 6, 2017, 9:41am

SNI is required on “shared” servers.
If you don’t own the entire IP, then the server must use SNI to direct individual requests to their proper website.
https://site.one = IP1
https://site.two = same IP1
https://site.three = same IP1 again
https://site.four = and same IP1 again

So, you basically want https://IP1 and https://your.site to show your site?
If so, talk to whomever controls the IP - who has root access? who can make changes to the web server conf file?
Only a server admin can make such a change.

system · July 6, 2017, 9:41am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.