【Product Change】Replacement announcement for CDN/DCDN/ESA No-SNI Certificate
Mar 27, 2026
Edge Security AccelerationAffected time
2026-04-30 Replacement
Change and Impact
Changes
Starting April 30, 2026, CDN/DCDN/ESA products will gradually replace the No-SNI certificates. The new certificate SAN (Subject Alternate Names) information is as follows:
- CDN/DCDN: *.certfallback.com, certfallback.com
- ESA: *.certfallback-esa.com, certfallback-esa.com
If you have questions, submit a ticket or call the service hotline to contact Alibaba Cloud technical support.
Impact
- No-SNI certificates are only returned when the SSL handshake does not include the SNI field. Under normal circumstances, this change will not affect your business.
- If your client has a strict certificate domain whitelist or certificate verification configured for No-SNI certificates, it may cause SSL handshake failures.
Action required
If your client does not support SNI (legacy SDKs, embedded devices, etc.), and your client has strict certificate domain whitelists or certificate verification configured, you need to update your verification rules to adapt to this certificate change.
If you have any questions, please feel free to contact us via our support hotline or by submitting a ticket.