Reindl Harald
2017-09-09 10:24:43 UTC
frankly why in the world can't you just say "take certificates from this
and that folder"?
we have at least 4 backend servers which will soon start to generate
their certificates and sync them via rsync to
/var/lib/letsencrypt/hostname/ on the ATS machine and it makes no sense
at all that you need to generate a "ssl_multicert.config" listing for
every possible domain the RSA and ECDSA certificate by name
ssl_cert_name=/var/lib/letsencrypt/host1/*.pem
ssl_cert_name=/var/lib/letsencrypt/host2/*.pem
ssl_cert_name=/var/lib/letsencrypt/host3/*.pem
ssl_cert_name=/var/lib/letsencrypt/host4/*.pem
[Sep 9 12:19:55.004] Server {0x2b8644cd7480} NOTE: loading SSL
certificate configuration from /etc/trafficserver/ssl_multicert.config
[Sep 9 12:19:55.004] Server {0x2b8644cd7480} ERROR:
SSL::47855679927424:error:02001002:system library:fopen:No such file or
directory:bss_file.c:175:fopen('/var/lib/letsencrypt/certs/*.pem','r')
[Sep 9 12:19:55.004] Server {0x2b8644cd7480} ERROR:
SSL::47855679927424:error:2006D080:BIO routines:BIO_new_file:no such
file:bss_file.c:182
[Sep 9 12:19:55.004] Server {0x2b8644cd7480} ERROR: failed to load
certificate chain from /var/lib/letsencrypt/certs/*.pem
and that folder"?
we have at least 4 backend servers which will soon start to generate
their certificates and sync them via rsync to
/var/lib/letsencrypt/hostname/ on the ATS machine and it makes no sense
at all that you need to generate a "ssl_multicert.config" listing for
every possible domain the RSA and ECDSA certificate by name
ssl_cert_name=/var/lib/letsencrypt/host1/*.pem
ssl_cert_name=/var/lib/letsencrypt/host2/*.pem
ssl_cert_name=/var/lib/letsencrypt/host3/*.pem
ssl_cert_name=/var/lib/letsencrypt/host4/*.pem
[Sep 9 12:19:55.004] Server {0x2b8644cd7480} NOTE: loading SSL
certificate configuration from /etc/trafficserver/ssl_multicert.config
[Sep 9 12:19:55.004] Server {0x2b8644cd7480} ERROR:
SSL::47855679927424:error:02001002:system library:fopen:No such file or
directory:bss_file.c:175:fopen('/var/lib/letsencrypt/certs/*.pem','r')
[Sep 9 12:19:55.004] Server {0x2b8644cd7480} ERROR:
SSL::47855679927424:error:2006D080:BIO routines:BIO_new_file:no such
file:bss_file.c:182
[Sep 9 12:19:55.004] Server {0x2b8644cd7480} ERROR: failed to load
certificate chain from /var/lib/letsencrypt/certs/*.pem