OP didn’t specify multiple certs or not. I think the solution is within grasp if OP tries it out.
> On Aug 31, 2025, at 6:59 PM, Stuart Henderson <[email protected]> wrote: > > On 2025/08/31 18:23, Brian Brombacher wrote: >> I’ve done this with let’s encrypt certificates. You specify multiple names >> in acme-client.conf and have them all go through the same relayd. > > That's a single cert though. OP wanted separate certs. It's possoble to > do that with pretty much any other current L7 proxy, just not with relayd. > > >>>> On Aug 31, 2025, at 6:02 PM, Stuart Henderson <[email protected]> >>>> wrote: >>> >>> On 2025-08-31, ashley <[email protected]> wrote: >>>> So, in summary, is it possible for relayd to know what the correct >>>> certificate to use is, before receiving the HTTP request from the >>>> client? Is this possible to achieve with SNI? I haven't found any >>>> mentions of SNI in the relayd man page, so I can only assume it >>>> doesn't support SNI? >>> >>> It is technically possible to do this via SNI, but relayd doesn't implement >>> that. >>> >>> Personally I recommend just using relayd for lower level (managing PF >>> redirects etc, and maybe basic L4 proxying) but using something other >>> than relayd (haproxy, nginx or others) for your L7 proxies. >>> >>> -- >>> Please keep replies on the mailing list. >>> >>
