* trondd on [10-02-2017 12:32:36 -0500]:
> On Fri, February 10, 2017 11:48 am, Thuban wrote:
> > Hello,
> > I can't figure out how to use letsencrypt certificates with relayd. I keep
> > getting this error:
> >
> > # relayd -vvv -n
> > /etc/relayd.conf:33: cannot load certificates for relay tlsforward
> >
> >
> > My relayd.conf:
> >
> > # cat /etc/relayd.conf
> > table { 127.0.0.1 }
> > ext_ip = 192.168.1.66
> >
> > http protocol "https" {
> >     tcp { nodelay, sack, socket buffer 65536, backlog 100 }
> >     match response header set "Cache-Control" value "max-age=1814400"
> >     return error
> >     pass
> >     tls { no client-renegotiation, cipher-server-preference }
> >     tls ca key "/etc/letsencrypt/certificates/privkey.pem" password ""
> >     tls ca cert "/etc/letsencrypt/certificates/cert.pem"
> > }
> >
> >
> > relay "tlsforward" {
> >     listen on $ext_ip port 443 tls
> >     protocol "https"
> >     forward to port 8443 mode loadbalance check tcp
> > }
> >
> >
> >
> > Do you see any error or have any advice?
> >
> > Regards.
> >
> > thuban
> >
>
> 'ca key' and 'ca cert' are for MITM roll-your-own certs on the fly.
>
> For server certs, like a web server would have, you don't specify them.
> relayd looks for address:port.key and address:port.crt as per the 'listen
> on' description in relayd.conf(5).
Ok, it works as expected now. I created symlinks to
/etc/ssl/private/address.key
and for address.crt.
Thank you.
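
The naming rule trondd describes, as an added shell example that is not part of the thread: per relayd.conf(5), a relay with "listen on ... tls" loads /etc/ssl/address:port.crt and /etc/ssl/private/address:port.key, falling back to the same names without the port. The function names and the ROOT argument are assumptions of this example; relayd itself always uses /etc/ssl.

```shell
#!/bin/sh
# Added example, not from the thread. Defines two helpers; nothing runs on load.
# Usage with the values from the thread (run as root):
#   relayd_link_cert 192.168.1.66 "" \
#       /etc/letsencrypt/certificates/cert.pem \
#       /etc/letsencrypt/certificates/privkey.pem

# relayd_tls_path KIND ADDRESS PORT [ROOT]
# Print the file relayd looks for; KIND is crt or key, PORT may be empty.
relayd_tls_path() {
    kind=$1 root=${4:-/etc/ssl}
    if [ -n "$3" ]; then name="$2:$3"; else name=$2; fi
    case $kind in
        crt) echo "$root/$name.crt" ;;
        key) echo "$root/private/$name.key" ;;
        *)   return 1 ;;
    esac
}

# relayd_link_cert ADDRESS PORT CERT KEY [ROOT]
# Symlink an existing certificate and key to the names relayd expects.
relayd_link_cert() {
    addr=$1 port=$2 cert=$3 key=$4 root=${5:-/etc/ssl}
    for f in "$cert" "$key"; do
        # Absolute paths only, so the symlinks resolve from any directory.
        case $f in /*) ;; *) echo "$f: not an absolute path" >&2; return 1 ;; esac
        [ -r "$f" ] || { echo "$f: cannot read" >&2; return 1; }
    done
    # Refuse a private key that group or other can access.
    # ls -L follows symlinks; columns 5-10 are the group and other bits.
    perms=$(ls -lL "$key" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "$key: mode too open" >&2; return 1; }
    crt_dst=$(relayd_tls_path crt "$addr" "$port" "$root") || return 1
    key_dst=$(relayd_tls_path key "$addr" "$port" "$root") || return 1
    mkdir -p "$root/private" && chmod 700 "$root/private" || return 1
    ln -sf "$cert" "$crt_dst" && ln -sf "$key" "$key_dst"
}
```

After linking, `relayd -n` (the check used at the top of the thread) should parse the configuration without the "cannot load certificates" error, provided the `tls ca key` and `tls ca cert` lines have been removed.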