relayd w/ ipv6 not loading SNI certs
It looks like it has nothing to do with v6, it's the second listen where
it goes wrong.

When splitting it into two relays, it works:

relay default_tls_v4 {
	listen on $local_v4 port 443 tls
	protocol httpsfilter
	forward to <localhost> port 443
}
relay default_tls_v6 {
	listen on $local_v6 port 443 tls
	protocol httpsfilter
	forward to <localhost> port 443
}

Mischa

On 2026-04-28 15:06, Mischa wrote:
> Hi All,
>
> When using SNI within relayd and having IPv6 configured, it seems it's
> still looking for 2a03:6000:xx::xx.crt and 2a03:6000:xx::xx.key.
>
> # relayd -n -vvv
> relay_load_certfiles: using certificate /etc/ssl/xxx.high5.nl.crt
> relay_load_certfiles: using private key
> /etc/ssl/private/xxx.high5.nl.key
> /etc/relayd.conf:62: cannot load certificates for relay
> default_tls2:443
>
> #
> local_v4 = "46.23.xx.xx"
> local_v6 = "2a03:6000:xx::xx"
> table <localhost> { 127.0.0.1 }
> http protocol httpsfilter {
> tcp { nodelay, sack }
> tls keypair xxx.high5.nl
> tls { ciphers
> "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:AES-256-GCM-SHA384",
> ecdhe "default", no client-renegotiation }
> }
>
> relay default_tls {
> listen on $local_v4 port 443 tls
> listen on $local_v6 port 443 tls
> protocol httpsfilter
> forward to <localhost> port 443
> }
> #
>
> Without "listen on $local_v6 port 443 tls" everything works like a
> charm.
>
> Mischa