Jean-Pierre de Villiers <jeanpie...@jeanpierredevilliers.xyz> writes:
> Personally, I would drop the keypairs you define and rename the > certificates as 'localhost.crt' for example.com and its subdomain and a > certificate 'localhost:8082' for handling beispiel.de. Similarly, > repeat this for the private keys as well. I tried this out, but it didn't help ._. Now it doesn't even appear to notice the certificates, as the output now is just relayd -nvvv /etc/relayd.conf:43: cannot load certificates for relay secure But "at least", it says "secure" instead of "secure4:443"? I am wondering if this could be a bug? It appears to make no sense to me... > No further configuration is needed after that. See the description of > 'keypair' under the PROTOCOLS section in relayd.conf(8). That confuses me, as one the one hand the manual says The relay will attempt to look up a private key in /etc/ssl/private/name:port.key and a public certificate in /etc/ssl/name:port.crt, WHERE PORT IS THE SPECIFIED PORT THAT THE RELAY LISTENS ON. which would mean that the certificate should be called localhost:443 (or 127.0.0.1:443), but then again the same paragraph says If not specified, a keypair will be loaded using the specified IP address of the relay as name. Which I read as saying that it will try to use /etc/ssl/secure.key, in my case. That obviously won't work, as I need different certificates for different domains. -- Philip K.