* trondd <[email protected]> le [10-02-2017 12:32:36 -0500]:
> On Fri, February 10, 2017 11:48 am, Thuban wrote:
> > Hello,
> > I can't figure out how to use letsencrypt certificates with relayd. I keep
> > getting this error:
> >
> > # relayd -vvv -n
> > /etc/relayd.conf:33: cannot load certificates for relay tlsforward
> >
> >
> > My relayd.conf:
> >
> > # cat /etc/relayd.conf
> > table <local> { 127.0.0.1 }
> > ext_ip = 192.168.1.66
> >
> > http protocol "https" {
> >     tcp { nodelay, sack, socket buffer 65536, backlog 100 }
> >     match response header set "Cache-Control" value "max-age=1814400"
> >     return error
> >     pass
> >     tls { no client-renegotiation, cipher-server-preference }
> >     tls ca key "/etc/letsencrypt/certificates/privkey.pem" password ""
> >     tls ca cert "/etc/letsencrypt/certificates/cert.pem"
> > }
> >
> >
> > relay "tlsforward" {
> >     listen on $ext_ip port 443 tls
> >     protocol "https"
> >     forward to <local> port 8443 mode loadbalance check tcp
> > }
> >
> >
> >
> > Do you see any error or have any advice?
> >
> > Regards.
> >
> > thuban
> >
>
> 'ca key' and 'ca cert' are for MITM roll-your-own certs on the fly.
>
> For server certs, like a web server would have, you don't specify them.
> relayd looks for address:port.key and address:port.crt as per the 'listen
> on' description in relayd.conf(5).
Ok, it works as expected now. I created symlinks to /etc/ssl/private/address.key and for address.crt. Thank you.
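As an added example (not from the thread), the fix trondd describes as a shell function: it links the Let's Encrypt files into the /etc/ssl/ADDRESS:PORT.crt and /etc/ssl/private/ADDRESS:PORT.key locations that a `listen on ... port 443 tls` relay loads from, and checks that the private key is not group- or world-readable. The function name, the optional ROOT argument (for exercising it against a scratch directory instead of the live /etc tree) and the constructed sample files in the usage section are assumptions; the address-only names without the port, which Thuban's follow-up used, are accepted by relayd as a fallback.

```shell
#!/bin/sh
# link_relayd_certs ADDRESS PORT LE_DIR [ROOT]
# Put the Let's Encrypt cert and key where relayd's tls listener looks for
# them. The "tls ca key"/"tls ca cert" lines from the original relayd.conf
# are NOT used: those are for generating certificates on the fly in an
# interception relay, not for serving a site's own certificate.
link_relayd_certs() {
    addr=$1; port=$2; le_dir=$3; root=${4:-}
    crt="$root/etc/ssl/$addr:$port.crt"
    key="$root/etc/ssl/private/$addr:$port.key"
    # Refuse to create dangling links if the Let's Encrypt files are missing.
    [ -f "$le_dir/cert.pem" ] && [ -f "$le_dir/privkey.pem" ] || return 1
    mkdir -p "$root/etc/ssl/private"
    chmod 700 "$root/etc/ssl/private"
    ln -sf "$le_dir/cert.pem" "$crt"
    ln -sf "$le_dir/privkey.pem" "$key"
    # Everything under /etc/ssl/private must be root-only; the symlink does
    # not protect the real key file, so fix the mode on the target itself.
    chmod 600 "$le_dir/privkey.pem"
    printf 'cert: %s -> %s\nkey:  %s -> %s\n' \
        "$crt" "$le_dir/cert.pem" "$key" "$le_dir/privkey.pem"
}

# key_is_private FILE
# Returns 0 when FILE (symlinks followed) has no group/other permission
# bits, i.e. mode 0600 or 0400, which is what a TLS private key should be.
key_is_private() {
    perms=$(ls -ldL "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Usage against a constructed scratch tree (no real keys involved):
#   tmp=$(mktemp -d); mkdir -p "$tmp/le"
#   echo cert > "$tmp/le/cert.pem"; echo key > "$tmp/le/privkey.pem"
#   link_relayd_certs 192.168.1.66 443 "$tmp/le" "$tmp"
#   key_is_private "$tmp/etc/ssl/private/192.168.1.66:443.key" && echo ok
# On the real host, run without ROOT and then re-check the config with
# `relayd -vvv -n`, the command from the original question.
```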

