I'm setting up a new 5.0.8 server and trying to configure TLS with SNI to support both irc.domain.org and subdomain.domain.org. I can add a tls-options section to the listen block and it works fine, although obviously not with SNI.
Code:
listen {
    ip *;
    port 6697;
    options { tls; }
    tls-options {
        certificate "/etc/letsencrypt/live/subdomain.domain.org/fullchain.pem";
        key "/etc/letsencrypt/live/subdomain.domain.org/privkey.pem";
    };
}
However, I don't appear to be able to override the default certificate via Set::TLS::*, so
Code:
set {
    tls {
        certificate "/etc/letsencrypt/live/irc.domain.org/fullchain.pem";
        key "/etc/letsencrypt/live/irc.domain.org/privkey.pem";
    };
};
sni subdomain.domain.org {
    tls-options {
        certificate "/etc/letsencrypt/live/subdomain.domain.org/fullchain.pem";
        key "/etc/letsencrypt/live/subdomain.domain.org/privkey.pem";
    };
};
listen {
    ip *;
    port 6697;
    options { tls; }
}
I've tried removing the sni block, moving the set block before the listen block, moving it after, moving the certificates into the conf/tls directory, and so on without effect. As far as I can tell, the Set::TLS::* block is just ignored, and with it ignored the SNI block is as well.
I can't find anything in the documentation, forums, or bug reports, so have I misunderstood what the point of the Set::TLS block is, or is there something obvious that I've done wrong?
Thanks