#1396 Change of automated certificate search

Reporter Dominik "Etua" Danelski
Owner Nobody
Stars ★ (1)
  • Milestone-0.12
  • Status-Fixed
  • Priority-Medium
  • Type-Enhancement
  1. Dominik "Etua" Danelski on

    Current behaviour of automated certificate search does not work well with certs issued for multiple domains as in my understanding one should either override the setting completely in Prosody configuration file or create subdirectory for each hostname domain even if that means copying the same certificate to the multiple locations. My suggestion is to treat fullchain.pem and privkey.pem as the global certificates if they are placed in the main directory specified in "certificates = " setting and override it if HOSTNAME.pem or HOSTNAME subdirectory with proper files exist. That would not break compatibility with existing installations but improve (at least in my opinion) the general procedure.

  2. Zash on

    Prosody now inspects all certificates in the certificates directory and catalogues them by the hostnames they cover, then picks from that when initializing TLS states for the various services.

    • tags Milestone-0.12 Status-Fixed

New comment

Not published. Used for spam prevention and optional update notifications.