Support SNI for SSL certificates

SNI allows multiple SSL/TLS hostnames on one IP/port.

While a website might appear to live on a load balancer or CDN, the webserver may have a certificate installed for fallback. If the DNS entry for a domain directs to the CDN or load balancer and the webserver hosts multiple websites with certificates, there is no way to check each certificate if different ports are not used.

In the Cloudflare example, even without SNI, a server may be configured not to respond without a proper hostname request.

Example on Cloudflare

Webserver behind Cloudflare. Webserver has multiple sites with SSL certificates on one IP using SNI.

DNS entry for example.com shows the two IPs of Cloudflare's CDN if caching is enabled. This hides the webserver's actual IP.

If the server is checked for an SSL certificate by IP, only the default site, if configured, will be returned. The current iteration of the SSL/TLS Certificate monitor in Site24x7 does not offer separate entries for Host and Server Name Indication.

 

Please support SNI.

Like (3) Reply
Replies (1)

We've logged this as an enhancement request for the SSL Certificate monitor and will keep you updated on any developments.

If you wish to monitor websites behind the CDN directly, the Website monitor does support SNI (the hostname from the URL is used) through the "Force IP addresses" setting.

Like (0) Reply
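The check discussed in this thread (connect to the origin server's IP while naming the site in SNI) can be sketched as follows. This is an added example, not part of the original posts and not Site24x7 code; the function names are hypothetical, and the origin IP and hostname are supplied by whoever runs it.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone


def fetch_cert(ip, sni_name, port=443, timeout=10.0):
    """Connect to `ip` but send `sni_name` in the TLS ClientHello.

    Returns the certificate of the virtual host selected by SNI. Validation
    stays on: the chain must be trusted and the cert must match `sni_name`.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        # server_hostname sets the SNI extension and the name that is verified;
        # it is independent of the address the TCP socket connected to.
        with ctx.wrap_socket(raw, server_hostname=sni_name) as tls:
            return tls.getpeercert()


def days_remaining(cert, now=None):
    """Whole days until notAfter (negative once the certificate has expired)."""
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    now = datetime.now(timezone.utc).timestamp() if now is None else now
    return int((expires - now) // 86400)


def covered_names(cert):
    """DNS names listed in subjectAltName of a getpeercert() dict."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def check(ip, sni_name, port=443):
    """Return (status, detail) for one hostname on one origin IP."""
    try:
        cert = fetch_cert(ip, sni_name, port)
    except ssl.SSLCertVerificationError as exc:
        # Expired, untrusted, or the default site's cert was served instead.
        return ("invalid", exc.verify_message)
    except OSError as exc:
        # Refused, timed out, or handshake rejected (e.g. unknown hostname).
        return ("unreachable", str(exc))
    return ("ok", days_remaining(cert))


if __name__ == "__main__":
    # Usage: python sni_check.py ORIGIN_IP HOSTNAME [HOSTNAME ...]
    origin = sys.argv[1]
    for name in sys.argv[2:]:
        print(name, "via", origin, "->", check(origin, name))
```

Running it once per hostname against the same origin IP reports each site's certificate separately, where a check by IP alone would only ever see the default site.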