Issues with SNI?
I have two websites on the same IP using SNI, both secured with DNSSEC and different TLSA records. Also the TTL for the A record is only 10s.
Using Firefox, most of the time everything works and both icons show green. However, sometimes if I had the first page open for a while and then open the other, I get a red icon for the TLSA record. However, all links on the page work fine (I selected to block if the TLSA record is wrong). Just doing a refresh in the browser does not help. Closing the browser and opening it again shows both as green again, so it probably is caching something and maybe not using the name but the IP somehow?
The pages in question (slow upstream, be gentle... :-)