[m3047]

This doesn't work reliably, because TLS gets implemented incorrectly and the trailing dot is not stripped from the SNI host (TLS not HTTP) header.

Curl has gone back and forth; dunno whether that is curl itself or the resolver libs. Firefox used to be broken, and may still be.

Apache used to almost blow chunks when it got one of these, and I filed a bug (https://bz.apache.org/bugzilla/show_bug.cgi?id=58007); the chosen fix was to serve some "random" cert. Just tried it with an older version of FFX which I know is borked though and it did the right thing, so presumably something further has occurred since 2017.