James Chase writes: > /etc/relayd.conf:25: cannot load keypair nextcloud.mydomain.com > for relay secure_proxy > > The keys are in /etc/ssl/ and /etc/ssl/private, and I got them from > acme-client via lets encrypt. Named: > nextcloud.mydomain.com:443.fullchain.crt > and > nextcloud.mydomain.com:443.key
>From relayd.conf(5): keypair name The relay will attempt to look up a private key in /etc/ssl/private/name:port.key and a public certificate in /etc/ssl/name:port.crt, where port is the specified port that the relay listens on. If these files are not present, the relay will continue to look in /etc/ssl/private/name.key and /etc/ssl/name.crt. So you need to tell acme-client to generate a fullchain certificate simply called name:port.crt, not name:port.fullchain.crt. -- Anthony J. Bentley