Renew Results in Expired Cert?

rayj00 · December 12, 2022, 10:57pm

root@HAProxy:/etc/haproxy# ls -l /etc/haproxy/certs
total 88
-rw-r--r-- 1 root root 7320 Dec 11 20:13 bcast.streamingworld.us.pem
-rw-r--r-- 1 root root 7320 Oct 17 19:43 conf.streamingworld.us.pem
-rw-r--r-- 1 root root 7333 Mar 28 2022 mult-bcast.streamingworld.us.pem
-rw-r--r-- 1 root root 7328 Dec 26 2021 patriots.streamingworld.us.pem
-rw-r--r-- 1 root root 7341 Nov 22 2021 patriotsplace.streamingworld.us.pem
-rw-r--r-- 1 root root 7316 Mar 12 2022 rayj.streamingworld.us.pem
-rw-r--r-- 1 root root 7328 Mar 19 2022 rcjBcast.streamingworld.us.pem
-rw-r--r-- 1 root root 7300 Dec 11 21:38 streamingworld.us.pem
-rw-r--r-- 1 root root 7316 Dec 12 15:32 test.streamingworld.us.pem
-rw-r--r-- 1 root root 7316 Jan 30 2022 wow.streamingworld.us.pem
-rw-r--r-- 1 root root 7316 Dec 15 2021 www.streamingworld.us.pem
root@HAProxy:/etc/haproxy#

Some of these are also expired. I have not gotten around to renew them. And these are all test domains for me to experiment (learn) with.

MikeMcQ · December 12, 2022, 11:07pm

Have you just tried rebooting your server?

And, have you double-checked the HAProxy conf to see if it has the correct name for the test cert file?

I see the cert being used by HAProxy for test.streamingworld.us was issued on Dec26 2021 but there have been several certs for that name issued since then. Is this the first time you've tried to update this name?

Osiris · December 13, 2022, 6:42am

That's simply the long chain? Short chain: leaf cert + intermediate. Long chain: leaf cert + intermediate + ISRG Root X1 signed by DST Root X3.

Also, I'll repeat myself:

rayj00 · December 13, 2022, 7:12pm

It's not the first time I am updating the cert.

rayj00 · December 13, 2022, 7:14pm

acl testbox hdr(host) -i test.streamingworld.us
use_backend testenv if testbox

backend testenv
balance leastconn
http-request set-header X-Client-IP %[src]
redirect scheme https if ! { ssl_fc }
server testing test.lxd:80 check

Osiris · December 13, 2022, 7:18pm

I don't see any TLS configuration?

rayj00 · December 13, 2022, 7:34pm

global
ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
ssl-default-bind-ciphers EECDH+AESGCM:EDH+AESGCM

Osiris · December 13, 2022, 7:34pm

I still don't see any reference to the certificate on the disk.

system · January 12, 2023, 7:34pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.