diff --git a/src/certificates.rs b/src/certificates.rs
index 683f1eb..3a39a8e 100644
--- a/src/certificates.rs
+++ b/src/certificates.rs
@@ -222,8 +222,13 @@ impl ResolvesServerCert for CertStore {
                 .map(|(_, k)| k)
                 .cloned()
         } else {
-            // This kind of resolver requires SNI.
-            None
+            // This kind of resolver requires SNI. Fallback to default cert.
+            // * must exist in the `.certificates` root
+            // * CN value can be any
+            self.certs
+                .iter()
+                .find(|(domain, _)| domain.is_empty())
+                .map(|(_, key)| Arc::clone(key))
         }
     }
 }