Issue
You want to verify your SNI certificate is setup correctly before switching your DNS over.
Resolution
You'll use cURL to do this, and the --resolve
attribute is important for this. From the cURL man page
--resolve host:port:address
Provide a custom address for a specific host and port pair. Using this, you can make the curl requests(s) use a specified address and >prevent the otherwise normally resolved address to be used. Consider it a sort of /etc/hosts alternative provided on the command line. The >port number should be the number used for the specific protocol the host will be used for. It means you need several entries if you want to >provide address for the same host but different ports.
The provided address set by this option will be used even if -4, --ipv4 or -6, --ipv6 is set to make curl use another IP version.
This option can be used many times to add many host names to resolve.
so to test www.foodblog.org
with a stable-cname of www.foodbloc.org.herokudns.com
you would do:
$ curl --verbose "Host: www.foodbloc.org" https://www.foodbloc.org --resolve www.foodbloc.org:443:`dig www.foodbloc.org.herokudns.com +short | head -n1`