RE: Parker, "I really hate OpenSSL"
As of this writing,
works in bollux, so I'm not sure what was going on earlier.
However, I've had some issues with sites not connecting in the past, and it turns out the problem was that
openssl req -x509 -newkey
defaults to using a v1 certificate, which does not support SNI. Self-signing server authors need to make sure that they use v3 certificates (which I'm not sure how to requisition with openssl; I've yet to set a cert up myself. Though I found an answer on serverfault that might help.)
"openssl keeps creating v1 certificate instead of v3" on serverfault
It'd be nice if someone could write a "best practices for server people" document. Or add it to the