mirror of
https://blitiri.com.ar/repos/chasquid
synced 2025-12-17 14:37:02 +00:00
chasquid: De-couple TLS certificates from domains
Having the certificates inside the domain directory may cause some confusion, as it's possible they're not for the same name (they should be for the MX we serve as, not the domain itself). So it's not a problem if we have domains with no certificates (we could be their MX with another name), and we could have more than one certificate per "domain" (if we act as MXs with different names). So this patch moves the certificates out of the domains into a new certs/ directory, where we do a one-level deep lookup for the files. While at it, change the names of the files to "fullchain.pem" and "privkey.pem", which match the names generated by the letsencrypt client, to make it easier to set up. There's no general convention for these names anyway.
This commit is contained in:
Alberto Bertogli
@@ -4,7 +4,7 @@ host srv-chasquid
|
||||
port 1587
|
||||
|
||||
tls on
|
||||
tls_trust_file config/domains/srv-chasquid/cert.pem
|
||||
tls_trust_file config/certs/srv-chasquid/fullchain.pem
|
||||
|
||||
from user@srv-chasquid
|
||||
|
||||
|
||||
Reference in New Issue
Block a user