On 21/12/17 02:27, richard-tx wrote:
I came up with a solution. What I did was to get one cert that covers
multiple https websites. Letsencrypt.com permits you to have multiple
hostnames. The software certbot allows you to put multiple FQDNs in a
single request or to extend any existing cert. The certs from
letsencrypt.com is not tied to an IP address, so if your external facing IP
address changes, that presents no issues.
On the plus side, since all communications between squid and the server are
over http, that relieves the already busy webserver from the jobs of
encrypting/decrypting and places it on the reverse proxy. Starting next
year, letsencrypt will start issuing wildcard certs.
Good to know both of those, because since my last reply investigation of
the way OpenSSL API loads certificates is presenting bad news for being
able to load multiple certs any time soon.
Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
