On 12/8/21 00:10, Anthony J. Bentley wrote:
> Jordan Geoghegan writes:
>> I generated a TLS cert with acme-client and tested and confirmed it
>> worked with httpd.
>
> Do curl/wget/ftp behave the same with httpd? If so that would imply
> the problem is with the certificate.
>
>> I then configured relayd to perform TLS acceleration
>> by following examples in the man pages. Everything works great when
>> tested from a web browser. However, when I try to fetch a file via curl,
>> wget or ftp etc, I get a cert validation error: (ip and domain removed
>> for privacy)
>
> Did you generate a full chain certificate with acme-client?

Okay, mystery solved - I had my morning coffee and then it was obvious
after your hint re fullchain certificate.
relayd wasn't loading the pem file, it was loading the crt file, which
must be fullchain it seems. A tidbit I discovered on solene@'s blog also
confirmed this:
"For convenience, you will want to replace the path for the full chain
certificate to have `hostname.crt` instead of `hostname.fullchain.pem`
to match relayd expectations."
Everything is working as expected now that I've made the changes.
Sorry for the noise.
Regards,
Jordan
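
An added example, not part of the original thread: a shell check that finds the `.crt` file relayd would load for a keypair name and reports whether it holds more than one PEM certificate, which is the condition the thread identified. The lookup order (`name:port.crt`, then `name.crt`) is assumed from relayd.conf(5); the function names and sample files are constructed for illustration, and counting PEM blocks does not validate the chain itself.

```shell
#!/bin/sh
# Added example (not from the thread): classify the certificate file relayd
# would load for a "tls keypair" name as full chain or leaf-only.
# Assumption: lookup order per relayd.conf(5) is name:port.crt, then name.crt.

# relayd_cert_path SSLDIR NAME PORT -> print the first existing candidate path
relayd_cert_path() {
	for f in "$1/$2:$3.crt" "$1/$2.crt"; do
		if [ -f "$f" ]; then printf '%s\n' "$f"; return 0; fi
	done
	return 1
}

# count_pem_certs FILE -> print the number of PEM certificate blocks
count_pem_certs() {
	awk '/^-----BEGIN CERTIFICATE-----/ { n++ } END { print n + 0 }' "$1"
}

# check_relayd_chain SSLDIR NAME PORT -> print fullchain | leaf-only | missing
# Exit status: 0 full chain, 1 leaf only, 2 no usable file.
check_relayd_chain() {
	crt=$(relayd_cert_path "$1" "$2" "$3") || { echo missing; return 2; }
	n=$(count_pem_certs "$crt")
	if [ "$n" -ge 2 ]; then echo fullchain; return 0; fi
	if [ "$n" -eq 1 ]; then echo leaf-only; return 1; fi
	echo missing; return 2
}

# make_samples DIR -> write constructed placeholder PEM files (not real certs)
make_samples() {
	pem='-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----'
	printf '%s\n' "$pem" > "$1/leaf.example.crt"
	printf '%s\n%s\n' "$pem" "$pem" > "$1/chain.example.crt"
	printf '%s\n%s\n' "$pem" "$pem" > "$1/leaf.example:443.crt"
}

# Usage: sh check.sh /etc/ssl www.example.com 443
if [ $# -eq 3 ]; then check_relayd_chain "$@"; fi
```

A `leaf-only` result matches the symptom in the thread: browsers can still build the chain on their own, while curl, wget and ftp rely on the server sending the intermediate.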