Need to integrate payment gateway that does not support SNI

I am trying to integrate FPX payment gateway provided by Paynet. During implementation, Paynet feedback that my website is SNI enabled which currently not supported by Paynet. They requested to turn off SNI in my website.

I am not very familiar with this SNI thing but I had did some googling and found that it has something to do with SSL certificate too. I heard that some certificate is able to solve this issue and therefore I am opening this ticket.

Anyway solution that you could advice on this issue? By the way I am currently using a free SSL certificate provided by Let’s Encrypt.

My domain is: gloo.com.my

The operating system my web server runs on is (include version): Linux

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Yes, version 86.0.16

Wow… Such an outdated software in their ends.

SNI basically is the configuration (support) that allows you to enable mutiple SSL / https websites/virtualhost on 1 IP.
https://www.ssllabs.com/ssltest/analyze.html?d=gloo.com.my&latest

If your Payment processor require you to turn off SNI, you have two options:

  1. Make this website your default virtualhost for SSL/TLS VH.
  2. Add a new Elastic IP for your AWS instance (additional charge will apply, IP price charged by hour within AWS) and assign this website to the new IP (on the same server). This is basically means you’ll bind that IP to this website.

P.S. I don’t know if that’s an error or not, but it’s awkward a payment processor won’t allow their client websites to use SNI… (As most… 99%? online devices around the world support SNI)

Thank you

1 Like

Thank you for the suggestions.

Can I have some guidance on how to work on your 1st option:
Make this website your default virtualhost for SSL/TLS VH

Are you the root WHM admin on this cPanel server?

If so, you can go to WHM -> Manage SSL Hosts -> Make Primary. (This interface - note the “Is SNI Required” column is “No” for the “Primary” host).

Otherwise, this is not an option.

1 Like

Yes, I am able to go to WHM > Manage SSL Hosts. I already make it Primary and confirmed the ‘Is SNI Required’ column is ‘No’ for the Primary host.

But I am still seeing the message “This site works only in browsers with SNI support.” when I run on ssllabs.com.

Does that means the configuration is still incorrect?

Yes, it’s still not the default SNI site:

$ openssl s_client -connect 52.77.176.51:443 -showcerts 2>/dev/null | openssl x509 -noout -subject
subject=emailAddress = ssl@aws-whm.gloo.com.my, CN = aws-whm.gloo.com.my

I actually realized that the reason this might not be working is that you’re running Engintron on top of cPanel. Since it’s a third-party plugin, I’m not really sure how well it interacts with the default SNI configuration.

You might need to search around for how to configure the default SSL site on Engintron.

Or try fully reload Engintron/nginx - maybe you’ll get lucky and it’ll pick up the default SNI change.

1 Like

Thanks a lot. Really appreciate that you gave a keyword ‘Engintron’. Atleast I got something to start from. Thanks.

3. change payment processor

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.