trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reindl Harald <h.rei...@thelounge.net>
Subject ssl_multicert.config: why not just wildcard support?
Date Sat, 09 Sep 2017 10:24:43 GMT
frankly why in the world can't you just say "take certificates from this 
and that folder"?

we have at least 4 backend servers which will soon start to generate 
their certificates and sync them via rsync to 
/var/lib/letsencrypt/hostname/ on the ATS machine and it makes no sense 
at all that you need to generate a "ssl_multicert.config" listing for 
every possible domain the RSA and ECDSA certificate by name

ssl_cert_name=/var/lib/letsencrypt/host1/*.pem
ssl_cert_name=/var/lib/letsencrypt/host2/*.pem
ssl_cert_name=/var/lib/letsencrypt/host3/*.pem
ssl_cert_name=/var/lib/letsencrypt/host4/*.pem

[Sep  9 12:19:55.004] Server {0x2b8644cd7480} NOTE: loading SSL 
certificate configuration from /etc/trafficserver/ssl_multicert.config
[Sep  9 12:19:55.004] Server {0x2b8644cd7480} ERROR: 
SSL::47855679927424:error:02001002:system library:fopen:No such file or 
directory:bss_file.c:175:fopen('/var/lib/letsencrypt/certs/*.pem','r')
[Sep  9 12:19:55.004] Server {0x2b8644cd7480} ERROR: 
SSL::47855679927424:error:2006D080:BIO routines:BIO_new_file:no such 
file:bss_file.c:182
[Sep  9 12:19:55.004] Server {0x2b8644cd7480} ERROR: failed to load 
certificate chain from /var/lib/letsencrypt/certs/*.pem

Mime
View raw message