I’ve been building some web infrastructure, which makes use of an Azure Application Gateway. The infrastructure is defined as code and deployed using Terraform.
There’s one pool of nodes serving a few sites, which we differentiate using host headers. All standard stuff, and all working well until we enabled the SSL element: then both listeners seemed to be serving up the same certificate, regardless of which one was assigned to each listener, so we were naturally seeing certificate name-mismatch errors in the browser at this point.
If you get bitten by this one, make sure you are setting ‘require_sni = true’ in your Terraform code for each of the HTTPS listeners. The Azure portal defaults it to on when you add a multi-site listener, but it has to be included explicitly in the Terraform.
If you’re using AzureRM JSON, the attribute is ‘RequireServerNameIndication’.
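As an added example (not the original post’s code), here is what the fix looks like in context: an azurerm_application_gateway with one backend pool and two multi-site HTTPS listeners, each bound to its own certificate and host name, with ‘require_sni = true’ set on both. The resource group, subnet, public IP and certificate variables are assumed to exist elsewhere in the configuration, and the host names and resource names are placeholders.

```hcl
# Added example, not the post's own code. Two multi-site HTTPS listeners on
# one Application Gateway, differentiated by host header. The referenced
# resource group, subnet, public IP and var.* inputs are assumed to exist.
resource "azurerm_application_gateway" "web" {
  name                = "example-appgw"                      # assumed name
  resource_group_name = azurerm_resource_group.rg.name       # assumed resource
  location            = azurerm_resource_group.rg.location

  sku {
    name     = "Standard_v2"
    tier     = "Standard_v2"
    capacity = 2
  }

  gateway_ip_configuration {
    name      = "gw-ipcfg"
    subnet_id = azurerm_subnet.appgw.id                      # assumed resource
  }

  frontend_ip_configuration {
    name                 = "fe-ip"
    public_ip_address_id = azurerm_public_ip.appgw.id        # assumed resource
  }

  frontend_port {
    name = "https-443"
    port = 443
  }

  # One pool of nodes serves every site; the listeners do the differentiation.
  backend_address_pool {
    name = "web-pool"
  }

  backend_http_settings {
    name                  = "http-settings"
    cookie_based_affinity = "Disabled"
    port                  = 80
    protocol              = "Http"
    request_timeout       = 30
  }

  # One certificate per site. PFX file paths and passwords come from
  # variables (assumed to be declared elsewhere), never hard-coded here.
  ssl_certificate {
    name     = "site-a-cert"
    data     = filebase64(var.site_a_pfx_path)
    password = var.site_a_pfx_password
  }

  ssl_certificate {
    name     = "site-b-cert"
    data     = filebase64(var.site_b_pfx_path)
    password = var.site_b_pfx_password
  }

  # Multi-site HTTPS listeners. require_sni defaults to false in the provider;
  # leaving it out is what produces the "same certificate on both listeners"
  # symptom described in the post.
  http_listener {
    name                           = "site-a-https"
    frontend_ip_configuration_name = "fe-ip"
    frontend_port_name             = "https-443"
    protocol                       = "Https"
    host_name                      = "a.example.com"        # placeholder host
    ssl_certificate_name           = "site-a-cert"
    require_sni                    = true
  }

  http_listener {
    name                           = "site-b-https"
    frontend_ip_configuration_name = "fe-ip"
    frontend_port_name             = "https-443"
    protocol                       = "Https"
    host_name                      = "b.example.com"        # placeholder host
    ssl_certificate_name           = "site-b-cert"
    require_sni                    = true
  }

  request_routing_rule {
    name                       = "site-a-rule"
    priority                   = 100
    rule_type                  = "Basic"
    http_listener_name         = "site-a-https"
    backend_address_pool_name  = "web-pool"
    backend_http_settings_name = "http-settings"
  }

  request_routing_rule {
    name                       = "site-b-rule"
    priority                   = 110
    rule_type                  = "Basic"
    http_listener_name         = "site-b-https"
    backend_address_pool_name  = "web-pool"
    backend_http_settings_name = "http-settings"
  }
}
```

After applying, it is worth confirming the gateway really presents a different certificate per name rather than trusting the plan output: connect to the gateway’s public IP with openssl s_client -connect <ip>:443 -servername a.example.com, then repeat with -servername b.example.com, and check that the subject of the returned certificate changes between the two.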
The official lowdown is here