The web UI connects to the vault API via gRPC using the Docker
compose service name (e.g., "metacrypt:9443"), but the vault's TLS
certificate has SANs for "crypt.metacircular.net" and "localhost".
The new vault_sni config field overrides the TLS ServerName so
certificate verification succeeds despite the hostname mismatch.
Also updates metacrypt-rift.toml with vault_sni and temporarily
binds the web UI port to 0.0.0.0 for direct access until mc-proxy
is deployed.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Kyle Isom
656f22e19b