How to enable non-SNI support for domain

Security
#1

Hi!
I am trying to add payments to my site. But the money trasnfer finishing with error. I created a ticket in provider’s site (kassa on yandex) and got this answer:

As far as we can see, the error is related to the fact that your SSL certificate uses SNI support.
You can solve this problem like this:

  • Ask for a new certificate from your hosting without SNI support.
  • Request an SSL certificate through our Reg.ru partners.

I am not sure i fully understand how Cloudflare works with sertificate. Which sertificate is used on my site ( http://svoyashkola.ru ) now. And where to find the answer ((

Help me plz :slight_smile:

#2

SNI is not certificate but SSL related (unless they meant SANs, which are a completely different thing). You will have a hard time trying to get Cloudflare to work without SNI, as that is not supported anymore. They had that before for the high-end plans but deprecated this there as well AFAIK.

You could always contact sales and ask if any of these plans still support it.

#3

Thanx, Sandro!
1234567
So, maybe the solution is to switch to paid account and upload custom certificate from my hosting?

#4

12345678
12345678754×624 44.1 KB

#5

This will not change the need for SNI.

#6

In this case, what is “certificate from your hosting without SNI support”? How can i get it and use with Cloudflare? My hosting is beget.com, they can solve this problem?

#8

I addressed this in my very first response. These two things are not related. Your host should not be involved here either, only Yandex can explain what their issue is. Either they did not explain it correctly or they have some very outdated technology.

I do remember from other threads here however that Yandex had issues in this area. Maybe use the search

Also their statement “You shouldn’t use SSL with SNI (Server Name Identification) support.” at https://tech.yandex.com/money/doc/payment-solution/ssl-docpage/ is rather interesting.

In short, connections to Cloudflare’s proxies require SNI support. What you could do is have an unproxied record which points straight to your server and let Yandex connect there.

#9

You can also check out https://support.cloudflare.com/hc/en-us/articles/203041594

That article actually refers to what you mentioned earlier - custom certificates - but I am not sure how accurate that would be as SNI is SSL related rather than certificate related. But you could contact support and clarify with them if upgrading would get you a dedicated address where you don’t necessarily need SNI.