Re: [exim] Best way tls_certificate select

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MSławek at <-
MViktor Dukhovni at ->
Delete this message
Reply to this message
Author: Sławomir Dworaczek
Date:  
To: exim-users
Subject: Re: [exim] Best way tls_certificate select
Thats Works !
Thanks Arkadiusz !

key.${lc:${tls_sni}}.pem = key.mail.domain.com.pem

One more question, I want to force sslv3 encryption but I have a bug

tls_require_ciphers invalid: gnutls_priority_init(ALL:!ADH:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM:!SSLv3) failed at offset 0, "ALL:!ADH.." failed: The request is invalid.

Regards
Slawek

----- Original Message -----
From: Sławek
To: exim-users@???
Sent: Saturday, January 20, 2018 10:22 PM
Subject: RE: Best way tls_certificate select


letsebcrypt creates directory structure:
/etc/letsencrypt/live/mail.domain.com/ for one domain and
/etc/letsencrypt/live/mail.domain2.com for secound domain
this directories contains files: fulchain.pem and privkey.pem
This files is symlink from /etc/letsencrypt/atchive/mail.domain.com/fulchain1.pem
bacause if renew cert. Files in archive directory store as ...2


that's why it wants a variable to the set directory, not a file, unless you create a symlink ?



If symlink name cert.mail.domain.com.pem
you variable is ok ?


cert.${lc:${tls_sni}}.pem






Regards






Pozdrawiam
Sławomir Dworaczek


--------------------------------------------------------------------------------


<br><br>-------- Oryginalna wiadomość --------<br>Od: Sławek &lt;slawek@???&gt; <br>Data: 20.01.2018 21:23 (GMT+01:00) <br>Do: Sławek &lt;slawek@???&gt;, exim-users@??? <br>Temat: RE: Best way tls_certificate select <br><br>


--------------------------------------------------------------------------------


Ok i understand this variable cert.${lc:${tls_sni}}.pem = cert.mail.domain.com.pem yes ?
via tls_sni not based on the directory?




Regards

Sławomir Dworaczek


--------------------------------------------------------------------------------




Ok i understand this variable cert.${lc:${tls_sni}}.pem = cert.mail.domain.com.pem yes ? via tls_sni not based on the directory?

Regards
Sławomir Dworaczek
This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Best way tls_certificate selectRe: [exim] Best way tls_certificate select->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)