OpenSSL :: X509 :: Certificate Validating Invalid Domain

I am looping through the list of domains to see if there are a) 443 listeners and b) collect the ssl cert expiration, signature algorithm and common name. All domains that have listener 443 report the correct ssl certificate (matching what Chrome reports), however there is one domain that doesn't report correctly - myproair.com, which reports the certificate for parkinsonsed.com - any ideas

  # ssl cert lookup
  begin 
    timeout(1) do
      tcp_client = TCPSocket.new("#{instance["domain"]}", 443)
      ssl_client = OpenSSL::SSL::SSLSocket.new(tcp_client)
      ssl_client.connect
      cert = OpenSSL::X509::Certificate.new(ssl_client.peer_cert)
      ssl_client.sysclose
      tcp_client.close
      #http://ruby-doc.org/stdlib-2.0/libdoc/openssl/rdoc/OpenSSL/X509/Certificate.html
      date = Date.parse((cert.not_after).to_s)
      row.push("#{date.strftime('%F')} #{cert.signature_algorithm} #{cert.subject.to_a.select{|name, _, _| name == 'CN' }.first[1]}".downcase.ljust(57))
    end
  rescue SocketError
    row.push("down".ljust(57))
  rescue Errno::ECONNREFUSED
    row.push("connection refused".ljust(57))
  rescue Errno::ECONNRESET
    row.push("connection reset".ljust(57))
  rescue Timeout::Error
    row.push("no 443 listener".ljust(57))
  rescue Exception => ex
    row.push("error: #{ex.class}".ljust(57))
  end

      

        
        
        
      

    

Refresh . Here are the versions I'm working with:

$ ruby --version
ruby 2.0.0p481 (2014-05-08 revision 45883) [universal.x86_64-darwin14]

$ openssl version
OpenSSL 0.9.8zc 15 Oct 2014

      

        
        
        
      

    

I have verified that the SNI extension is sent to ClientHello

using OpenSSL s_client

with parameters -connect

, -tls1

and -servername

.