On 2017-09-28, Darren Tucker <dtuc...@zip.com.au> wrote: > On 28 September 2017 at 06:32, mabi <m...@protonmail.ch> wrote: >> Thanks for the pointer regarding SNI not being supported in relayd. I will >> go on and find another solution, probably HAproxy. > > For a small number of domains it would probably be feasible to get a > single certificate with multiple SANs. Letsencrypt at least supports > this as long as all of the domains map (or can be made to map) to the > place requesting the certificate.
With the dns-01 challenge type they don't need to be mapped to the same place at all. Though the normal http-01 challenge requests don't use TLS, so it should be easy enough to proxy them, even with relayd.