Sunday, February 28, 2021

Re: Relayd cannot load keypair

James Chase writes:
> /etc/relayd.conf:25: cannot load keypair nextcloud.mydomain.com
> for relay secure_proxy
>
> The keys are in /etc/ssl/ and /etc/ssl/private, and I got them from
> acme-client via Let's Encrypt. Named:
> nextcloud.mydomain.com:443.fullchain.crt
> and
> nextcloud.mydomain.com:443.key

From relayd.conf(5):

     keypair name
             The relay will attempt to look up a private key in
             /etc/ssl/private/name:port.key and a public certificate
             in /etc/ssl/name:port.crt, where port is the specified
             port that the relay listens on.  If these files are not
             present, the relay will continue to look in
             /etc/ssl/private/name.key and /etc/ssl/name.crt.

So you need to tell acme-client to generate a fullchain certificate
simply called name:port.crt, not name:port.fullchain.crt.

--
Anthony J. Bentley
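
A way to check which files satisfy the lookup order quoted above from relayd.conf(5), as an added example that is not part of the original post and is not relayd's own code. The optional directory argument, the function names, and the rule that a pair counts only when both files exist are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: model the keypair lookup order quoted from relayd.conf(5).
# The third argument (SSL_DIR) is an assumption so the check can be run
# against a scratch copy; the manual page names /etc/ssl.

# find_keypair NAME PORT [SSL_DIR]
# Prints "<key path> <crt path>" for the first naming scheme that matches
# and returns 0; returns 1 when neither scheme matches.
find_keypair() {
    name=$1 port=$2 dir=${3:-/etc/ssl}
    # Order from the manual: name:port first, then plain name.
    for stem in "$name:$port" "$name"; do
        key="$dir/private/$stem.key"
        crt="$dir/$stem.crt"
        # Assumption: treat a pair as usable only if both files are present.
        if [ -f "$key" ] && [ -f "$crt" ]; then
            printf '%s %s\n' "$key" "$crt"
            return 0
        fi
    done
    return 1
}

# near_misses NAME PORT [SSL_DIR]
# Lists certificate files that start with NAME but use a file name the
# lookup never tries, such as name:port.fullchain.crt.
near_misses() {
    name=$1 port=$2 dir=${3:-/etc/ssl}
    for f in "$dir/$name"*.crt "$dir/$name"*.pem; do
        [ -f "$f" ] || continue          # skip unmatched glob patterns
        case ${f##*/} in
            "$name:$port.crt"|"$name.crt") ;;   # names the lookup accepts
            *) printf '%s\n' "$f" ;;
        esac
    done
    return 0
}
```

Run as `find_keypair nextcloud.mydomain.com 443 || near_misses nextcloud.mydomain.com 443` to see which certificate file is being skipped because of its name.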
