diff --git a/index.js b/index.js
index c445c43..7c61d2d 100644
--- a/index.js
+++ b/index.js
@@ -557,7 +557,8 @@ Greenlock.create = function (gl) {
         req.headers.host = host.join(':');
       }
 
-      if (!gl.__sni_allow_domain_fronting) {
+      // Note: This sanitize function is also called on plain sockets, which don't need Domain Fronting checks
+      if (req.socket.encrypted && !gl.__sni_allow_domain_fronting) {
         if (req.socket && 'string' === typeof req.socket.servername) {
           // Workaround for https://github.com/nodejs/node/issues/22389
           if (!gl._checkServername(safehost, req.socket.servername.toLowerCase())) {
diff --git a/package.json b/package.json
index 2384555..8825e1e 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "greenlock",
-  "version": "2.4.7",
+  "version": "2.4.8",
   "description": "Let's Encrypt for node.js on npm",
   "main": "index.js",
   "files": [