Hello,

On 2024/02/27 09:14:59 -0500, "Jag Talon" <jag@aangat.lahat.computer> wrote:
> On Mon Feb 26, 2024 at 11:14 PM EST, la-ninpre wrote:
> > On 26 February 2024 22:45:18 UTC, Jag Talon <jag@aangat.lahat.computer> 
> > wrote:
> > > Bumping REVISION as well.
> > >  
> >
> > Hello,
> > thank you for suggesting this change, I haven't noticed this before,
> > because in testing environment I wasn't using ssl and in 'production' I
> > already had this symlink. The patch is fine by me, but I'm thinking that
> > maybe it would be better to unify the two patches. What do you think?
> 
> Thank you, I'm glad you like the changes. I have the unified diff attached!
> 
> ok?

[...]

> --- pkg/README        8 Sep 2022 13:35:47 -0000       1.1.1.1
> +++ pkg/README        27 Feb 2024 14:04:07 -0000
> @@ -58,6 +58,11 @@ acme-client(1)) and start httpd(8) and r
>       # rcctl enable httpd relayd
>       # rcctl start httpd relayd
>  
> +If you already have a certificate following the acme-client.conf
> +default template, make sure to create the following symlink to prevent
> +SEC_ERROR_UNKNOWN_ISSUER issues on some browsers:
> + 
> +# ln -s /etc/ssl/example.com.fullchain.pem /etc/ssl/example.com.crt
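
Review bot: The added "# ln -s ..." line is flush left, while the "# rcctl ..." commands in the context just above it are indented, so the new command does not match the README's existing command formatting; indent it the same way and drop the trailing space on the otherwise empty "+ " line. The new paragraph also names only the symptom (SEC_ERROR_UNKNOWN_ISSUER on some browsers); one sentence saying that the .crt file has to carry the full chain, which is why it is pointed at the fullchain.pem file, would tell readers when the symlink is actually needed.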

I'm not a relayd user, but this seems to me the wrong place to put this
information.

If I understand correctly relayd is not loading the fullchain cert, due
to the (IMHO silly) rules of how it loads the certificates in /etc/.  If
this is the case, then I'd consider this "common relayd knowledge" and
putting a workaround in a random port's README seems wrong.
