Https without SNI

Hello.
I need to ssl worked without SNI mode. You can make ssl worked without SNI? If you can, then please do. the website https://belnos.ru
Thank you!

SNI has nothing to do with the Certificate Authority or the certificate they issue; it’s all a matter of your web server and its configuration. This question has nothing at all to do with Let’s Encrypt.

hi @Alex-r

I do not understand - your webserver supports SNI

Also if you are talking about the TLS-SNI validation method. The SNI component is mandated by the standard.

https://tools.ietf.org/html/draft-ietf-acme-acme-01#section-7.3

Andrei

Perhaps some clients don’t. :wink:

For SSL to work without SNI, you would have to have multiple IP addresses to server multiple certificates. If you just have a single certificate for just one site, there shouldn’t be any configuration needed at all. If you do have multiple IP addresses, just make sure every <VirtualHost> directive is using a different IP address. Also, the corresponding hostname for that <VirtualHost> should point to that IP address, but that’s obvious, I hope.

If you don’t have multiple IP addresses and you DO need multiple certificates to work without SNI: that isn’t possible.

Can you show the conf file?
Maybe we could better understand your situation and your goal.

To ensure your server works with clients without SNI support, the default domain of your server must answer a certificate that cover all domains managed by that server.

Let’s Encrypt allows you to create certificates that contains up to 100 domains (but no wildcard).

1 Like

SNI is required on “shared” servers.
If you don’t own the entire IP, then the server must use SNI to direct individual requests to their proper website.
https://site.one = IP1
https://site.two = same IP1
https://site.three = same IP1 again
https://site.four = and same IP1 again

So, you basically want https://IP1 and https://your.site to show your site?
If so, talk to whomever controls the IP - who has root access? who can make changes to the web server conf file?
Only a server admin can make such a change.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.