In relayd.conf you use something like this for each domain you are reverse proxying:
# load certs tls keypair www.example.com tls keypair www.another_example.net tls keypair www.third_example.com Put your certs in /etc/ssl/ and keys in /etc/ssl/private/ they have to be named so they match the domains in relayd.conf so for above: /etc/ssl/www.example.com.crt /etc/ssl/private/www.example.com.key and permissions on the /etc/ssl/private dir need to be restrictive. On Sun, 20 Sep 2020 at 08:15, Benjamin Raskin <benjaminiras...@gmail.com> wrote: > Hello, Misc; > > I'm attempting to configure relayd to work as a reverse proxy, such that > all > web traffic goes through relayd prior to reaching some web server. I'm > confused as to how I am to configure the ssl cert and key options in the > relayd configuration. The manual configures the protocol as follows: > > http protocol httpfilter { > tls ca key "/etc/ssl/private/ca.key" password "password123" > tls ca cert "/etc/ssl/ca.crt" > } > > Where do I get the password for the key? I'm using certbot to generate the > certs, and at no time was I prompted to enter, or given a password. Am I > missing something in terms of configuration or cert generation, or have I > gotten everything all wrong? Thank you in advance. > > > Ben Raskin > >