Hello,
Great idea - thanks a bunch!
--Chad
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday 30. April 2020 kl. 19:07, Anthony J. Bentley <anth...@anjbe.name>
wrote:
> Chad Hoolie writes:
>
> > Why does "tls keypair" in relayd.conf look for the regular and not the
> > fullchain certificate?
>
> Certificate filenames are defined by your acme-client.conf.
>
> > Thus, forcing users who want an A+ certificate to spend hours
> > searching the web for this hack?
> > cd /etc/ssl
> > doas mv foobar.com.crt foobar.com.crt.bak
> > doas ln -s foobar.com.fullchain.pem foobar.com.crt
>
> Rather than symlink, just tell acme-client to create certificates with
> the filename relayd expects.
>
> domain example.com {
> domain key "/etc/ssl/private/example.com.key"
> domain full chain certificate "/etc/ssl/example.com.crt"
> sign with letsencrypt
> }
