Hi,
I have been trying to configure relayd for a few days now to multiplex multiple servers running on the same local machine, while at the same time taking care of TLS. A simplified state of my configuration looks something like this: log connection log state changes table <httpd> { 127.0.0.1 } table <serv1> { 127.0.0.1 } table <serv2> { 127.0.0.1 } table <acme> { 127.0.0.1 } http protocol "http" { match request header "Host" value "example.com" forward to <httpd> match request header "Host" value "sub.example.com" forward to <serv1> match request header "Host" value "beispiel.de" forward to <serv2> match request path "/.well-known/acme*" forward to <acme> } http protocol "https" { tls keypair "example.com" # responsible for example.com and sub.example.com tls keypair "beispiel.de" match request header "Host" value "example.com" forward to <httpd> match request header "Host" value "sub.example.com" forward to <serv1> match request header "Host" value "beispiel.de" forward to <serv2> match request path "/.well-known/acme*" forward to <acme> } relay plain { listen on * port http protocol "http" forward to <httpd> port 8080 forward to <serv1> port 8081 forward to <serv2> port 8082 forward to <acme> port 8080 } relay secure { listen on * port https tls protocol "https" forward to <httpd> port 8080 forward to <serv1> port 8081 forward to <serv2> port 8082 forward to <acme> port 8080 } The "plain" relayd works just the way it should, it redirects every request to the right destination. "secure" on the other hand triggers an error I cannot make sense of: # relayd -nvvv relay_load_certfiles: using certificate /etc/ssl/example.com:443.crt relay_load_certfiles: using private key /etc/ssl/private/example.com:443.key relay_load_certfiles: using certificate /etc/ssl/beispiel.de:443.crt relay_load_certfiles: using private key /etc/ssl/private/beispiel.de:443.key /etc/relayd.conf:46: cannot load certificates for relay secure4:443 I have looked into the source code, but couldn't find where "secure4" comes from. The certificates and keys were generated using acme-client, and they have the default permissions (crt is 444, key is 400). Am I doing the right thing here, considering what I want to achieve? I would be very grateful for any comments or hints on what I could be doing wrong. -- Philip K.