We got an email from Google with the following TLS warning - What does it mean?

"Self-signed SSL/TLS certificate for https://www.website.com/

To: Webmaster of https://www.website.com/

Google has detected that the SSL/TLS certificate used on https://www.website.com/ is self-signed, which means that it was issued by your server rather than by a Certificate Authority. Because only Certificate Authorities are considered trusted sources for SSL/TLS certificates, your certificate cannot be trusted by most of the browsers. In addition, a self-signed certificate means that your content is not authenticated, it can be modified, and your user’s data or browsing behaviour can be intercepted by a third party. As a result, many web browsers will block users by displaying a security warning message when your site is accessed. This is done to protect users’ browsing behaviour from being intercepted by a third party, which can happen on sites that are not secure."

That warning is related to TLS Server Name Indication (SNI). All modern browsers and mobile devices use SNI to indicate the domain they expect when establishing a HTTPS connection. This is how many Internet systems today, including section.io, determine which certificate to present to the client.

The Google-bot normally crawls your site using SNI like a modern browser but they have also performed a test without SNI and sent you this email warning that some older clients may be presented with an invalid certificate.

At the time of writing less that 1.45% of all HTTPS requests through the section.io platform make connections without sending the SNI information and the majority of those requests come from the far less mainstream bots. It is extremely rare for a end-user’s browser to not support SNI today.

Due to the rare need to continue to support non-SNI clients in 2016 and the nature of the extra configuration required to support non-SNI, section.io considers non-SNI support to be a premium platform feature.

Please contact us if you would like to discuss your requirements for non-SNI support further.