The only difference I notice between our configs is that your hostname.crt symlink goes to the leaf certificate and not the full chain. I've tried that as well to the same effect. This is leading me again to think it's to do with the sparc64 architecture (or big endian generally) and not my configs.
--
Regards,
David E. McMackins II
www.mcmackins.org

On Wed, 2024-08-21 at 20:13 +0200, Sven Wolf wrote:
> Hi David,
>
> I run vger 2.0.1 on amd64 as written by solene.
> my relayd.conf looks like yours
>
> cat /etc/relayd.conf
>
> log connection
> tcp protocol "gemini" {
>     tls keypair <some-fqdn-hostname>
> }
>
> relay "gemini" {
>     listen on <some-fqdn-hostname> port 1965 tls
>     protocol "gemini"
>     forward to 127.0.0.1 port 8965
> }
>
> I also use the acme-client to create/update the cert.
>
> cat /etc/acme-client.conf
> domain <some-fqdn-hostname> {
>     alternative names { <some-fqdn-hostnames> }
>     domain key "/etc/ssl/private/<some-fqdn-hostname>.key"
>     domain certificate "/etc/ssl/<some-fqdn-hostname>.pem"
>     domain full chain certificate "/etc/ssl/<some-fqdn-hostname>.fullchain.pem"
>     sign with letsencrypt
> }
>
> And I also created the symlink for the certificate
> /etc/ssl/<some-fqdn-hostname>.crt -> <some-fqdn-hostname>.pem
>
> I don't have any problems with this setup.
>
> Best regards,
> Sven
>
> On 8/21/24 15:25, David McMackins II wrote:
> > Thanks. I should have mentioned I did already try adding the "tls
> > tlsv1" directive in the gemini protocol section and it yielded the
> > same result, so I removed it before opening this thread.
> >