pcarrier(sorry if y'all already know this) CNAME operates at the DNS level, to determine which machine to contact for the name. then the machine needs to know which certificate to use for HTTPS (TLS-NI), and which content to serve for HTTP (often referred to as virtual hosts).
