SNI: ssl_error_bad_cert_domain on https://<IP>


nginx version: nginx/1.7.10
TLS SNI support enabled
Serving vhosts
each vhost has own registered certificate
each vhost works as expected


Obtain 444 from [http|https]://.

case http://


server {
   listen 80;
   server_name _;
   root /dev/null;
   return 444;

It returns 444, and we are happy about it.

case https://

No additional configuration.

It returns the following:

< uses an invalid security certificate.
< The certificate is only valid for the following names:
< (Error code: ssl_error_bad_cert_domain)

where “” is a random? host from our pool of vhosts, and
its registered certificate is served for the IP-ADDRESS by nginx’s SNI.
Indeed, this is the problem at hand.

The following does not help at all,

server {
#listen 80;
listen 443 ssl;
ssl_certificate_key /etc/ssl//www.key;
ssl_certificate /etc/ssl//www.pem;
server_name _;
root /dev/null;
return 444;

For the sake of proper administration, www.key/pem is a self-signed
certificate with included e-mail “[email protected]”, and
an e-mail address has been created on purpose.

Can you replicate this problem?
Are there any known solutions?

Thank you for your time.

Posted at Nginx Forum:,256957,256957#msg-256957