tls_expiry: enable sni by default and use host for that?

[cpina]

the tls_expiry monitor: SNI seems quite common nowadays. Instead of having:

[lets-encrypt-certificat-pina-cat-28days]
type=tls_expiry
host=pina.cat
min_days=28
sni=pina.cat

Could be:

[lets-encrypt-certificat-pina-cat-28days]
type=tls_expiry
host=pina.cat
min_days=28

I think that SNI is used by default everywhere (or is part of the handshake when the browser connects there?).

I know that is hard to change default options without breaking existing monitors...

[jamesoff]

Yeah I’m always wary of changing defaults but I wonder if this one is probably safe. A new option can be added to disable SNI for cases where it’s not desirable, and presumably in those cases it will start failing if the remote end rejects the connection with it which will make it noisy immediately on upgrade.