I ran the Qualys SSL Labs test against the main domain on my server, and got the good result I expected (straight A).
However, there was one oddity which concerned me slightly, as it is a breach of privacy, even if not of security. They do a test accessing the server without SNI, and they get in response the certificate of a completely different web site on my server (which reveals that I am handling that web site).
Is this inevitable? And if it is unavoidable, is there any way to ensure that the “default” certificate returned in this way is at least one of my choosing? The site concerned is not at the start or end of my Caddyfile.
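
An added configuration example, not part of the original post: Caddy's `default_sni` global option sets the server name Caddy assumes when a ClientHello carries no SNI, so the certificate returned in that case is the one for a site you pick. The hostnames and `respond` bodies below are placeholders, and the sketch assumes Caddy v2 Caddyfile syntax.

```caddyfile
{
	# Placeholder hostname: the site whose certificate may be shown to
	# clients that send no SNI. It must also be a site Caddy serves
	# (see below) so that a certificate for it is loaded.
	default_sni www.example.com
}

# The site chosen as the no-SNI default (placeholder name).
www.example.com {
	respond "main site"
}

# Another site on the same server (placeholder name). Its certificate
# should no longer be the one handed to clients that omit SNI.
private.example.net {
	respond "other site"
}

# To confirm from a client, connect without SNI and read the subject:
#   openssl s_client -connect <server>:443 -noservername
```

Certificates issued by public CAs are also recorded in Certificate Transparency logs, so this setting only controls what a no-SNI handshake to the server itself returns.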