Apologies yes, my error.  I forgot I divert traffic using pf to my
relayd listener.

I've never seen/used a wildcard listen address in relayd before but I'm
guessing that, in your case, a listener is created for each ip on every
interface.  This of course raises the question: does every ip on every
one of your interfaces map to one of your hosts?

I ask this as I'm relatively certain relayd will expect a TLS
certificate for each address it listens on, regardless of whether it
forwards traffic from that IP to some host or not.

This would explain why it complains that the IPv4 listener 'secure4' was
unable to load a certificate.

Regards,
JP

On 21/05/28 09:33pm, Philip Kaludercic wrote:
> That confuses me, as on the one hand the manual says
>
>      The relay will attempt to look up a private key in
>      /etc/ssl/private/name:port.key and a public certificate in
>      /etc/ssl/name:port.crt, WHERE PORT IS THE SPECIFIED PORT THAT THE
>      RELAY LISTENS ON.
>
> which would mean that the certificate should be called localhost:443 (or
> 127.0.0.1:443), but then again the same paragraph says
>
>      If not specified, a keypair will be loaded using the specified IP
>      address of the relay as name.
>
> Which I read as saying that it will try to use /etc/ssl/secure.key, in
> my case. That obviously won't work, as I need different certificates for
> different domains.
>
> --
>       Philip K.
>

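As an added illustration of the point made above (this fragment is not from the thread, nor from the relayd project): naming the keypair explicitly in the protocol block removes the dependence on the listen address, so each listener resolves to a known pair of files under /etc/ssl. The relay name "secure4" and port 443 come from the thread; the hostnames, backend table and the directive names (tls keypair, match request header set) are assumed from relayd.conf(5) and should be checked against the installed man page.

```conf
# Added example relayd.conf fragment; hostnames, table members and the
# backend port are constructed for illustration.

table <backend> { 127.0.0.1 }

http protocol "https" {
    # Name the keypair explicitly instead of relying on the listen address.
    # Each "keypair" line makes relayd look for
    #   /etc/ssl/private/<name>:443.key  and  /etc/ssl/<name>:443.crt
    # where 443 is the port from the relay's "listen on" line.
    # Several keypair lines let one listener serve several domains via SNI.
    tls keypair "example.com"
    tls keypair "www.example.org"

    match request header set "X-Forwarded-For" value "$REMOTE_ADDR"
    pass
}

relay "secure4" {
    # One explicit address, so exactly one listener (and one keypair set)
    # is created; a wildcard address would create one per interface ip.
    listen on 127.0.0.1 port 443 tls
    protocol "https"
    forward to <backend> port 8080
}
```

Before reloading, a quick sanity check is `relayd -n -f /etc/relayd.conf`, which parses the file and reports any keypair it cannot load without starting the daemon.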