On 21/12/17 02:27, richard-tx wrote:
I came up with a solution. What I did was to get one cert that covers multiple https websites. Letsencrypt.com permits you to have multiple hostnames. The software certbot allows you to put multiple FQDNs in a single request or to extend any existing cert. The certs from letsencrypt.com is not tied to an IP address, so if your external facing IP address changes, that presents no issues. On the plus side, since all communications between squid and the server are over http, that relieves the already busy webserver from the jobs of encrypting/decrypting and places it on the reverse proxy. Starting next year, letsencrypt will start issuing wildcard certs.
Good to know both of those, because since my last reply investigation of the way OpenSSL API loads certificates is presenting bad news for being able to load multiple certs any time soon.
Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
