I’ve done this with let’s encrypt certificates. You specify multiple names in acme-client.conf and have them all go through the same relayd.
> On Aug 31, 2025, at 6:02 PM, Stuart Henderson <[email protected]> > wrote: > > On 2025-08-31, ashley <[email protected]> wrote: >> So, in summary, is it possible for relayd to know what the correct >> certificate to use is, before receiving the HTTP request from the >> client? Is this possible to achieve with SNI? I haven't found any >> mentions of SNI in the relayd man page, so I can only assume it >> doesn't support SNI? > > It is technically possible to do this via SNI, but relayd doesn't implement > that. > > Personally I recommend just using relayd for lower level (managing PF > redirects etc, and maybe basic L4 proxying) but using something other > than relayd (haproxy, nginx or others) for your L7 proxies. > > -- > Please keep replies on the mailing list. >
