Hello,
Am 30.04.2017 um 22:16 schrieb Daniel Schneller: > Hi! > > Yes, you got it right. I have no idea if there are technical limitations in > the SSL library or other parts of the code that would make several > certificate/key pairs for the same domain infeasible. > > If there were hard restrictions, it could certainly be done "externally" with > a set of clever scripts and haproxy reloads, but IMO it would be a less > brittle solution if it were built right in. Also, it wouldn't require > separate scripts per platform and init system (SysV, systemd, …). > > Daniel Similar to the "Certificate order" thread, this is a very specific requirement that only a handful of people require and it is imho best achieved with external configuration tools. If we implement everyone of those use-cases we are gonna transform haproxy into Microsoft Office. I'm opposed to heavy feature-bloating for provisioning use-cases, that can quite easily fixed where the fix belongs - the provisioning layer. Those are just my two cents though ... cheers, lukas