The issue seems to be the client implementation not providing server name indication.
The way it works is finding first a server profile by matching the ip and port (which is not actually used at that moment) and registering a callback for SNI, which is executed and searches for a profile matching the server_name. However, there is no SNI from the client based on the last log message next:
``` Jun 25 15:43:51 kamailio-dev /usr/sbin/kamailio[9344]: DEBUG: tls [tls_server.c:199]: tls_complete_init(): completing tls connection initialization Jun 25 15:43:51 kamailio-dev /usr/sbin/kamailio[9344]: DEBUG: tls [tls_server.c:228]: tls_complete_init(): Using initial TLS domain TLSs<172.16.30.205:5061> (dom 0x7fc8bcce7fd8 ctx 0x7fc8bcf945b0 sn [first.my-domain.com]) Jun 25 15:43:51 kamailio-dev /usr/sbin/kamailio[9344]: DEBUG: tls [tls_domain.c:724]: sr_ssl_ctx_info_callback(): SSL handshake started Jun 25 15:43:51 kamailio-dev /usr/sbin/kamailio[9344]: DEBUG: tls [tls_domain.c:927]: tls_server_name_cb(): SSL_get_servername returned NULL: return SSL_TLSEXT_ERR_NOACK ``` So, SSL_get_servername() didn't returned a server name from the SSL context, meaning that the client didn't provide any.
Can you try with s_client from openssl, something like:
``` openssl s_client -servername myservername.com -tlsextdebug -connect mykamailio.ip:5061 ``` and watch the logs to see what is printed there?