Also serve the default website (via IP) from a basically empty self-signed certificate that doesn't give away any domain names or owner details.
You don't have to serve any certificates on the default website. The web server would just fail the TLS connection, since it doesn't have a certificate for it.
Not sure if this applies to all web servers, but at least Caddy and a few others support this.
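
Both suggestions above, sketched as an nginx configuration. This is an added example, not taken from either comment: the thread names only Caddy, so the choice of nginx is an assumption, and the certificate paths are hypothetical placeholders. Use one of the two blocks, since both claim `default_server` on the same port.

```nginx
# Use exactly ONE of the two server blocks below.

# Option A (first comment): the default server answers with a placeholder
# self-signed certificate whose subject holds no real domain or owner details.
# The two file paths are hypothetical.
server {
    listen 443 ssl default_server;
    server_name _;
    ssl_certificate     /etc/nginx/placeholder.crt;
    ssl_certificate_key /etc/nginx/placeholder.key;
    return 444;   # close the connection without sending a response
}

# Option B (reply): no certificate at all. nginx aborts the TLS handshake for
# any request whose SNI name (or lack of one) matches no other server block.
# Requires nginx 1.19.4 or later.
server {
    listen 443 ssl default_server;
    ssl_reject_handshake on;
}
```

Running `openssl s_client -connect <server-ip>:443` without `-servername` from another host shows what a client scanning by IP sees: the placeholder certificate under option A, a handshake failure under option B.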