Changeset

13793:883edb6f614a

Merge 13.0->trunk
author Matthew Wild <mwild1@gmail.com>
date Mon, 31 Mar 2025 12:21:22 +0100
parents 13791:aecdec3dad83 (current diff) 13792:4ea7bd7325be (diff)
children 13795:99ba0b89e531
files
diffstat 1 files changed, 14 insertions(+), 10 deletions(-) [+]
--- a/core/portmanager.lua	Sun Mar 23 20:19:09 2025 +0100
+++ b/core/portmanager.lua	Mon Mar 31 12:21:22 2025 +0100
@@ -245,22 +245,26 @@
 	for name, interface, port, n, active_service --luacheck: ignore 213
 		in active_services:iter(service, nil, nil, nil) do
 		if active_service.server and active_service.tls_cfg then
+			local config_prefix = (active_service.config_prefix or name).."_";
+			if config_prefix == "_" then config_prefix = ""; end
+			local prefix_ssl_config = config.get(host, config_prefix.."ssl");
 			local alternate_host = name and config.get(host, name.."_host");
 			if not alternate_host and name == "https" then
 				-- TODO should this be some generic thing? e.g. in the service definition
 				alternate_host = config.get(host, "http_host");
 			end
-			local autocert = certmanager.find_host_cert(alternate_host or host);
-			local manualcert = active_service.tls_cfg;
-			local certificate = (autocert and autocert.certificate) or manualcert.certificate;
-			local key = (autocert and autocert.key) or manualcert.key;
-			local ok, err = active_service.server:sslctx():set_sni_host(
-				host,
-				certificate,
-				key
-			);
-			if not ok then
+			local ssl, err, cfg = certmanager.create_context(alternate_host or host, "server", prefix_ssl_config, active_service.tls_cfg);
+			if not ssl then
 				log("error", "Error creating TLS context for SNI host %s: %s", host, err);
+			else
+				local ok, err = active_service.server:sslctx():set_sni_host(
+					host,
+					cfg.certificate,
+					cfg.key
+					);
+				if not ok then
+					log("error", "Error creating TLS context for SNI host %s: %s", host, err);
+				end
 			end
 		end
 	end
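Review bot: In the new `else` branch only `cfg.certificate` and `cfg.key` are passed to `set_sni_host`, and the `ssl` context returned by `certmanager.create_context` is used solely for the `if not ssl` check. Any other setting an operator places in the per-host `<prefix>_ssl` option (protocol, ciphers, verification) therefore does not appear to reach the SNI context from this code. If that is intended, a comment such as `-- only the resolved certificate/key are applied per SNI host; other <prefix>_ssl options come from the service-level context` would keep admins from assuming per-host TLS policy is enforced. The two `log("error", ...)` calls also emit the same text, so a `set_sni_host` failure cannot be told apart from a context-creation failure in the logs, and the inner `local ok, err` shadows the outer `err`. I would change the inner pair to `local ok, sni_err = ...` and `log("error", "Error setting SNI certificate for host %s: %s", host, sni_err);`. The enclosing function begins before this hunk, so how `host` and `service` are supplied is not visible here.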