Hey everyone, good news: I've managed to fix this issue on my side and came back with a solution:
Long story short:
Looks like some Apple iOS libraries (probably connected to TLS/SSL) respect the RFC (RFC 1035) too much, and SNI does not work when your domain has symbols like "_" (underscore) in it. I've switched from using
pewpew_blast.mydomain.com
to
pewpew-blast.mydomain.com
and the issue disappeared.
Uncut
I started my investigation by enabling security best practices in my web server configuration: enabled TLSv1.3, disabled TLSv1.1, enabled OCSP stapling, added an HSTS header, generated and enabled dhparam, and renewed the intermediate certificate for the default domain to make sure it's fully valid. Nothing helped. I then started to think of other places where I've been using SNI; I found such a place, checked it from my iPhone, and it worked without issues. Strange, because the SSLLabs grade for that domain which works was C, while my domain with the iOS issue is A+. Additionally, I checked the default (non-SNI) virtual host for the domain which works on iOS and found that I have a self-signed certificate there, so it's definitely not connected to an invalid domain on the default vhost.
I started to compare settings and thought that maybe it's the underscore, which I know is not supposed to be in a domain name according to the RFC. I configured my vhost to work with both dash and underscore, opened the domain with the dash and, surprisingly, found it works fine. Both domains, with underscore and with dash, are processed by the same web server and by the same vhost, so both domains have the same configuration and the only difference is the domain name.
Conclusion
Even though underscore is not a valid character in a domain name according to RFC 1035, it would be great if Apple would support it to make sure their users have more capabilities to surf the Internet.
Meanwhile, domain owners should take into consideration that underscore is not a valid character for a domain name and avoid using it to make sure all devices are able to access their web resources.
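As an added example (not code from the post), here is a small Python check that scans the server_name entries of an nginx config and flags any hostname that breaks the RFC 1035 letters-digits-hyphen ("LDH") label rule, reporting underscores explicitly so the SNI-breaking case above is easy to spot. The nginx snippet is constructed for the demo.

```python
import re
from typing import Dict, List

# Constructed sample nginx vhost config (not from the original post).
SAMPLE_NGINX_CONF = """
server {
    listen 443 ssl;
    server_name pewpew_blast.mydomain.com pewpew-blast.mydomain.com;
}
server {
    listen 443 ssl;
    server_name www.example.com *.example.com _;
}
"""

# One LDH label: letters, digits and hyphens, no leading/trailing hyphen,
# at most 63 octets (RFC 1035 sec. 2.3.1, leading digit allowed per RFC 1123).
LDH_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def hostname_issues(hostname: str) -> List[str]:
    """Return the LDH-rule violations found in a hostname (empty list = OK).

    A leading '*.' wildcard label is accepted because TLS certificates and
    nginx both use it; everything else must be a valid LDH label.
    """
    issues: List[str] = []
    name = hostname.rstrip(".")
    if len(name) > 253:
        issues.append("name longer than 253 octets")
    labels = name.split(".")
    if labels and labels[0] == "*":
        labels = labels[1:]
    for label in labels:
        if "_" in label:
            issues.append(f"label {label!r} contains '_' (underscore)")
        elif not LDH_LABEL.match(label):
            issues.append(f"label {label!r} is not letters/digits/hyphen or is too long")
    return issues


def scan_nginx_server_names(conf: str) -> Dict[str, List[str]]:
    """Map every server_name in an nginx config text to its list of issues."""
    report: Dict[str, List[str]] = {}
    for match in re.finditer(r"^\s*server_name\s+([^;]+);", conf, re.M):
        for name in match.group(1).split():
            if name == "_":  # nginx catch-all placeholder, not a real hostname
                continue
            report[name] = hostname_issues(name)
    return report
```

Run it over the text of your real nginx config (for example `open("/etc/nginx/nginx.conf").read()`) and any name with a non-empty issue list is one that a strict TLS stack may refuse to send as SNI.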
I've just run into the same issue. I've run some tests and it looks like after the upgrade to iOS 14 both the Safari and Chrome browsers do not support SNI anymore. I have a server with nginx and some virtual hosts on it using different SSL certificates. Everything works fine when I open these sites from a PC; however, when I open some websites from an iOS 14 device it shows an error with the certificate. I've checked and it looks like it's the default SSL certificate that I have on my server, but iOS should send SNI before initiating the SSL connection to make sure it works with the right certificate, which is not happening.
It's not just me; my colleagues and other visitors are reporting the same issue with these sites. If you want, Matt, I can email you a few domains to reproduce the issue if you want to check this from your side.
I first thought that maybe it's because Apple refused to work with SNI when the encryption protocol is lower than TLS 1.3. I enabled TLS 1.3, but it didn't help. I've checked the connection with the developer tools in my Safari and it shows that the connection is TLS 1.3 but the certificate is for the wrong domain. However, if I say that I'm okay with the risks, it opens the correct site (looks like it sends the 'Host:' header with the correct domain afterwards).