Invalid Response - Verify Error 404

hmm...
Then the HTTPS vhost is not configured like the HTTP vhost.
[only one is set up for the challenge requests]
Perhaps you could instruct HAProxy to allow the ACME challenge requests through as HTTP [and redirect all other requests].

2 Likes

There are also online tools to assist; some can do something similar to what @MikeMcQ did with curl.
Here are a few

3 Likes

And in case it hasn't been mentioned:
Testing should be done with the LE testing/staging environment.

4 Likes

I thought of something like netcat to check for open ports (with public IP or icanhazip), but maybe I'm mixing up something. I saw the domain I wanted to access when doing curl -i.

@Bruce5051 Wow thank you for the information! That helps a lot.
@rg305 Do you mean the --test flag? I tried that, but it did not make a difference with the .sh script?

Here is the HAProxy configuration; maybe somebody can point me in the right direction for accepting ACME requests. Info: I just got one public IP.

global
	maxconn			1000
	stats socket /tmp/haproxy.socket level admin  expose-fd listeners
	uid			80
	gid			80
	nbproc			1
	nbthread			1
	hard-stop-after		15m
	chroot				/tmp/haproxy_chroot
	daemon
	tune.ssl.default-dh-param	2048
	server-state-file /tmp/haproxy_server_state

listen HAProxyLocalStats
	bind 127.0.0.1:2200 name localstats
	mode http
	stats enable
	stats admin if TRUE
	stats show-legends
	stats uri /haproxy/haproxy_stats.php?haproxystats=1
	timeout client 5000
	timeout connect 5000
	timeout server 5000

frontend HTTPSFrontendNextcloud-merged
	bind			192.168.1.135:443 name 192.168.1.135:443   
	mode			tcp
	log			global
	timeout client		30000
	tcp-request inspect-delay	5s
	acl			NextcloudSNI	req.ssl_sni -i [redacted nextcloud.tld]
	acl			Service2	req.ssl_sni -i [redacted service2.tld]
	tcp-request content accept if { req.ssl_hello_type 1 }
	use_backend BackendNextcloud_ipvANY  if  NextcloudSNI 
	use_backend BackendService2-portal_ipvANY  if  Service2 

frontend HTTPFrontend-copy2
	bind			192.168.1.135:80 name 192.168.1.135:80   
	mode			http
	log			global
	option			http-keep-alive
	timeout client		30000
	acl			httpRedirectACL	var(txn.txnhost) -m sub -i [redacted nextcloud.tld]
	acl			httpRedirectACL	var(txn.txnhost) -m sub -i [redacted service2.tld]
	http-request set-var(txn.txnhost) hdr(host)
	use_backend nextcloudHTTP_ipvANY  if  httpRedirectACL 
	default_backend nextcloudHTTP_ipvANY

backend BackendNextcloud_ipvANY
	mode			tcp
	id			100
	log			global
	timeout connect		30000
	timeout server		30000
	retries			3
	server			Nextcloud 10.10.40.11:443 id 101  

backend BackendService2-portal_ipvANY
	mode			tcp
	id			107
	log			global
	timeout connect		30000
	timeout server		30000
	retries			3
	option			httpchk GET / 
	server			Service2 10.10.40.8:8080 id 106 check inter 1000  

backend nextcloudHTTP_ipvANY
	mode			http
	id			105
	log			global
	timeout connect		30000
	timeout server		30000
	retries			3
	option			httpchk OPTIONS / 
	server			Nextcloud 10.10.40.11:80 id 108 check inter 1000

Try:

3 Likes
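
Added example, not part of any reply in this thread and not the poster's configuration: one way to do what the first reply suggests, letting HTTP-01 challenge requests through on port 80 as plain HTTP while redirecting every other request to HTTPS. The frontend and backend names and the 127.0.0.1:8888 responder address are assumptions; only the bind address is taken from the posted configuration.

```haproxy
# Added example. Names "http-in" and "acme_challenge" are hypothetical.
frontend http-in
	bind			192.168.1.135:80
	mode			http
	log			global
	timeout client		30000

	# HTTP-01 validation requests arrive on port 80 under this path prefix
	acl			is_acme		path_beg /.well-known/acme-challenge/

	# Redirect everything except challenge requests to HTTPS.
	# http-request rules are evaluated before use_backend, so this comes first.
	http-request redirect scheme https code 301 unless is_acme

	# Challenge requests stay on plain HTTP and go to the ACME responder
	use_backend		acme_challenge	if is_acme

backend acme_challenge
	mode			http
	timeout connect		5000
	timeout server		5000
	# Assumption: the ACME client serves its challenge files on this
	# address (standalone listener or a web server over its webroot).
	# Replace with the host and port that actually holds the token files.
	server			acme 127.0.0.1:8888
```

With a rule like this in place, a request for a test file under /.well-known/acme-challenge/ on port 80 should return the file itself rather than a redirect or a 404 from the application vhost.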
