On Fri, February 10, 2017 11:48 am, Thuban wrote:
> Hello,
> I can't figure how to use letsencrypt certificates with relayd. I keep
> getting this error :
>
> # relayd -vvv -n
> /etc/relayd.conf:33: cannot load certificates for relay tlsforward
>
>
> My relayd.conf :
>
> # cat /etc/relayd.conf
> table <local> { 127.0.0.1 }
> ext_ip = 192.168.1.66
>
> http protocol "https" {
>     tcp { nodelay, sack, socket buffer 65536, backlog 100 }
>     match response header set "Cache-Control" value "max-age=1814400"
>     return error
>     pass
>     tls { no client-renegotiation, cipher-server-preference }
>     tls ca key "/etc/letsencrypt/certificates/privkey.pem" password ""
>     tls ca cert "/etc/letsencrypt/certificates/cert.pem"
> }
>
>
> relay "tlsforward" {
>     listen on $ext_ip port 443 tls
>     protocol "https"
>     forward to <local> port 8443 mode loadbalance check tcp
> }
>
>
>
> Do you see any error or have any advice?
>
> Regards.
>
> thuban
>
'ca key' and 'ca cert' are for MITM roll-your-own certs on the fly. For server certs, like a web server would have, you don't specify them. relayd looks for address:port.key and address:port.crt as per the 'listen on' description in relayd.conf(5).
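
The lookup the reply describes, as an added example that is not part of the original thread: a small POSIX sh helper that checks which certificate/key pair a `listen on ADDRESS port PORT tls` relay would find, and installs an existing pair under the port-specific names. The `/etc/ssl` and `/etc/ssl/private` directories and the fallback to names without the port are assumptions taken from relayd.conf(5) rather than from the post; `SSL_ROOT` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the lookup in relayd.conf(5):
# $SSL_ROOT/ADDR:PORT.crt + $SSL_ROOT/private/ADDR:PORT.key, then the same
# names without ":PORT". SSL_ROOT and both function names are hypothetical.
SSL_ROOT="${SSL_ROOT:-/etc/ssl}"

# find_relay_keypair ADDR PORT
# Prints "CRT KEY" for the first complete pair; returns 1 when no pair
# exists, the case in which relayd has no server certificate to load.
find_relay_keypair() {
    for base in "$1:$2" "$1"; do
        crt="$SSL_ROOT/$base.crt"
        key="$SSL_ROOT/private/$base.key"
        if [ -r "$crt" ] && [ -r "$key" ]; then
            printf '%s %s\n' "$crt" "$key"
            return 0
        fi
    done
    return 1
}

# install_relay_keypair ADDR PORT CERT_PEM KEY_PEM
# Copies an existing server certificate and key to the port-specific names.
install_relay_keypair() {
    [ -r "$3" ] && [ -r "$4" ] || return 1
    [ -d "$SSL_ROOT/private" ] || mkdir -p -m 700 "$SSL_ROOT/private" || return 1
    crt="$SSL_ROOT/$1:$2.crt"
    key="$SSL_ROOT/private/$1:$2.key"
    cp "$3" "$crt" && chmod 644 "$crt" || return 1
    # Create the key copy with a restrictive umask so it is never world-readable.
    ( umask 077 && cp "$4" "$key" ) && chmod 600 "$key" || return 1
}

# With the values from the post (run as root, then check with relayd -n):
#   install_relay_keypair 192.168.1.66 443 \
#       /etc/letsencrypt/certificates/cert.pem \
#       /etc/letsencrypt/certificates/privkey.pem
```

Setting `SSL_ROOT` to a scratch directory lets the check run against a staging copy before anything under `/etc/ssl` is touched.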