ssl_multicert.config: why not just wildcard support?


Reindl Harald
frankly why in the world can't you just say "take certificates from this
and that folder"?

we have at least 4 backend servers which will soon start to generate
their certificates and sync them via rsync to
/var/lib/letsencrypt/hostname/ on the ATS machine and it makes no sense
at all that you need to generate a "ssl_multicert.config" listing for
every possible domain the RSA and ECDSA certificate by name

ssl_cert_name=/var/lib/letsencrypt/host1/*.pem
ssl_cert_name=/var/lib/letsencrypt/host2/*.pem
ssl_cert_name=/var/lib/letsencrypt/host3/*.pem
ssl_cert_name=/var/lib/letsencrypt/host4/*.pem

[Sep  9 12:19:55.004] Server {0x2b8644cd7480} NOTE: loading SSL
certificate configuration from /etc/trafficserver/ssl_multicert.config
[Sep  9 12:19:55.004] Server {0x2b8644cd7480} ERROR:
SSL::47855679927424:error:02001002:system library:fopen:No such file or
directory:bss_file.c:175:fopen('/var/lib/letsencrypt/certs/*.pem','r')
[Sep  9 12:19:55.004] Server {0x2b8644cd7480} ERROR:
SSL::47855679927424:error:2006D080:BIO routines:BIO_new_file:no such
file:bss_file.c:182
[Sep  9 12:19:55.004] Server {0x2b8644cd7480} ERROR: failed to load
certificate chain from /var/lib/letsencrypt/certs/*.pem
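
Added example, not part of the original post and not Traffic Server project code: the log above shows the `*.pem` pattern reaching fopen() unexpanded, so this sketch expands the glob outside ATS and writes one literal-path `ssl_cert_name=` line per certificate. The function names, the `-rsa.pem`/`-ecdsa.pem` file naming used to pair dual certificates, and the private key living in the same PEM as the chain are assumptions.

```shell
#!/bin/sh
# Hypothetical helper: build ssl_multicert.config from rsync'ed per-host folders.
# Assumed layout: BASE/<host>/<name>.pem, or <name>-rsa.pem + <name>-ecdsa.pem.

# Print one ssl_cert_name= line per certificate found under BASE/*/.
gen_multicert() {
    base=$1
    for pem in "$base"/*/*.pem; do
        # An unmatched glob stays literal; also skip symlinks synced from backends.
        [ -f "$pem" ] && [ ! -L "$pem" ] || continue
        # Skip files that do not actually carry a certificate.
        grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" || continue
        line=$pem
        case $pem in
            *-ecdsa.pem)
                # Emitted together with its RSA sibling when one exists.
                if [ -f "${pem%-ecdsa.pem}-rsa.pem" ]; then continue; fi ;;
            *-rsa.pem)
                ec="${pem%-rsa.pem}-ecdsa.pem"
                # Dual certificates go on one line as a comma-separated list.
                if [ -f "$ec" ]; then line="$pem,$ec"; fi ;;
        esac
        printf 'ssl_cert_name=%s\n' "$line"
    done
    return 0
}

# Write the config atomically; keep the previous file if nothing was found.
write_multicert() {
    base=$1
    out=$2
    tmp=$(mktemp "$out.XXXXXX") || return 1
    if gen_multicert "$base" > "$tmp" && [ -s "$tmp" ]; then
        chmod 0644 "$tmp"   # the file lists paths only, no key material
        mv "$tmp" "$out"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Usage (paths from the post):
#   write_multicert /var/lib/letsencrypt /etc/trafficserver/ssl_multicert.config
```

Run it after each rsync and before reloading Traffic Server, so a half-synced or empty folder never replaces a working configuration.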