Hello again,

Given the following httpd.conf(5) configuration on an OpenBSD 5.9-stable
machine…

server "pole.net.nz" {
        hsts preload
        hsts subdomains
        listen on egress tls port 443
        root "/htdocs/pole.net.nz"
        tls certificate "/etc/letsencrypt/live/cellsites.nz/fullchain.pem"
        tls key "/etc/letsencrypt/live/cellsites.nz/privkey.pem"
}

…all works as expected (or in other words, `httpd -n` doesn’t complain).

I will be using the same certificate for several websites since httpd(8) does
not yet support SNI. So I thought I would create a macro for the path to the
TLS certificate and key file and refer to it. So I changed my httpd.conf as
follows…

abc="/etc/letsencrypt/live/cellsites.nz/fullchain.pem"
def="/etc/letsencrypt/live/cellsites.nz/privkey.pem"
server "pole.net.nz" {
        hsts preload
        hsts subdomains
        listen on egress tls port 443
        root "/htdocs/pole.net.nz"
        tls certificate $abc
        tls key $def
}

…however `httpd -n` fails with the following error …

$ doas httpd -n
/etc/httpd.conf:8: syntax error
no actions, nothing to do

A similar error occurs if I explicitly define the path for the certificate
(i.e. without using the macro) and use the macro for the key.

Are macros not supported for the 'tls certificate' and 'tls key' options?

Regards,
James
