> On Nov 19, 2021, at 02:24, Slaven Rezic <sla...@rezic.de> wrote:
>
> 18. 11. 2021. u 16:10, Felipe Gasper piše:
>
>> Hi all,
>>
>> I’m unable to connect to this site via TLS.
>>
>> What would it take to Let’s-Encrypt-ify this? Tools for making this
>> happen abound, in Perl and every other desirable language. LMK if I can do
>> anything to help.
>>
>> Cheers,
>> -Felipe (FELIPE)
>>
> Hi Felipe,
>
> Not possible in the current setup: while perlbal is SSL-capable, it cannot
> handle SNI. Migrating to another reverse proxy would be possible only if the
> current blacklist & throttling configuration (which is really crucial!) could
> be reconstructed.
So, I’m looking at this again.
IO::Socket::SSL itself supports SNI; would it just be a matter of implementing
storage for the different hostnames’ cert/key files?
It could be as simple as just having a directory with different files named for
the hostname.
Assuming the # of hostnames isn’t large, Perlbal could just load them at
startup time.
-F
