AWS ELB/ALB and Caddy as a reverse proxy

Up until now I wasn't running any switches with Caddy. So thank you for pointing me down the right path. I added in the -log switch and found the issue. The ALB does support SNI, but on the frontend; maybe not on the backend.

This is from the logs:
2020/03/20 08:41:59 http: TLS handshake error from 10.2.5.126:31486: no certificate available for ''
2020/03/20 08:41:59 http: TLS handshake error from 10.2.5.75:45732: no certificate available for ''
2020/03/20 08:42:01 http: TLS handshake error from 10.2.5.126:31576: no certificate available for ''
2020/03/20 08:42:01 http: TLS handshake error from 10.2.5.75:45838: no certificate available for ''
2020/03/20 08:42:06 http: TLS handshake error from 10.2.5.126:31648: no certificate available for ''
2020/03/20 08:42:06 http: TLS handshake error from 10.2.5.75:45874: no certificate available for ''
2020/03/20 08:42:11 http: TLS handshake error from 10.2.5.126:31686: no certificate available for ''
2020/03/20 08:42:11 http: TLS handshake error from 10.2.5.75:45914: no certificate available for ''
2020/03/20 08:42:16 http: TLS handshake error from 10.2.5.126:31736: no certificate available for ''
2020/03/20 08:42:16 http: TLS handshake error from 10.2.5.75:45982: no certificate available for ''
2020/03/20 08:42:21 http: TLS handshake error from 10.2.5.126:31808: no certificate available for ''
2020/03/20 08:42:21 http: TLS handshake error from 10.2.5.75:46046: no certificate available for ''

I added the -default-sni switch and forced it to the specific site, and it works!

However, since we host around 15-20 sites, I need a better solution. I guess I could always just use a self-signed cert and be done with it, but it would be nice to utilize the Let's Encrypt certs that are auto-issued.

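Added example, not from the post above and not Caddy's own code: a Go tls.Config GetCertificate callback that reproduces the failure mode in the logs. It selects a certificate by the ClientHello server_name and, when that name is empty (what a load balancer that does not forward SNI on the backend connection sends), either rejects the handshake with the same "no certificate available for ''" shape seen in the log or falls back to one configured default, which is the role the -default-sni switch plays. The hostnames site-a.example and site-b.example and their self-signed certificates are constructed locally so the example runs offline; the error text is modelled on the log line, the lookup logic is mine.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// selfSigned mints a throwaway certificate for one hostname so the example
// runs offline. Constructed test material, not a Let's Encrypt certificate.
func selfSigned(host string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// ErrNoCertificate is returned when no certificate matches the requested name.
var ErrNoCertificate = errors.New("no certificate available")

// CertStore maps SNI names to certificates. defaultSNI names the site to
// serve when the ClientHello carries no server_name; "" means reject such
// handshakes, which is what produced the log lines in the post.
type CertStore struct {
	certs      map[string]*tls.Certificate
	defaultSNI string
}

// NewCertStore builds a store with one self-signed certificate per host.
func NewCertStore(hosts []string, defaultSNI string) (*CertStore, error) {
	s := &CertStore{certs: map[string]*tls.Certificate{}, defaultSNI: defaultSNI}
	for _, h := range hosts {
		c, err := selfSigned(h)
		if err != nil {
			return nil, err
		}
		s.certs[h] = &c
	}
	return s, nil
}

// GetCertificate is the tls.Config callback: normalise the SNI value, fall
// back to defaultSNI when the client sent none, then look the name up.
func (s *CertStore) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
	name := strings.ToLower(strings.TrimSuffix(hello.ServerName, "."))
	if name == "" {
		name = s.defaultSNI
	}
	if c, ok := s.certs[name]; ok {
		return c, nil
	}
	return nil, fmt.Errorf("%w for '%s'", ErrNoCertificate, hello.ServerName)
}

// ServedName reports which site's certificate a handshake with the given SNI
// value would receive, without opening a socket.
func (s *CertStore) ServedName(sni string) (string, error) {
	c, err := s.GetCertificate(&tls.ClientHelloInfo{ServerName: sni})
	if err != nil {
		return "", err
	}
	return c.Leaf.DNSNames[0], nil
}

func main() {
	hosts := []string{"site-a.example", "site-b.example"}
	for _, def := range []string{"", "site-a.example"} {
		s, err := NewCertStore(hosts, def)
		if err != nil {
			panic(err)
		}
		for _, sni := range []string{"site-a.example", "site-b.example", ""} {
			name, err := s.ServedName(sni)
			fmt.Printf("default-sni=%q client-sni=%q -> cert=%q err=%v\n", def, sni, name, err)
		}
	}
}
```

Wire the store in with `tls.Config{GetCertificate: store.GetCertificate}` to see the same selection on a real listener. The callback also makes the limit visible: with an empty server_name there is exactly one name to fall back to, so a default can only ever pick one of the 15-20 sites; serving them all behind a proxy that strips SNI needs either a single certificate covering every name or a backend that does not depend on SNI for selection.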