Using .acme.sh no option for Haproxy

Feature Requests
1

After setup following this tutorial: HAProxy and Let’s Encrypt: Improved Support in acme.sh I tried to make a .pem certificate for Haproxy.

In the given sentence acme.sh --issue -d example.coml --nginx --server letsencrypt_test
--nginx is accepted and it generate in the /home/user/,acme.sh/example.com_ecc/ the certificates example.com.csr and example.com.key
Combine the two files with cat give:

-----BEGIN CERTIFICATE REQUEST-----
MIIBHjCBxgIBADAZMRcwFQYDVQQDDA52aWRlb2JhYmJlbC5ubDBZMBMGByqGSM49
AgEGCCqGSM49AwEHA0IABPcWU5ehHt/rsitr2TSfDblQsBDIBQd9ofIYhLDoY2CT
trvYLuJfzj3V09DW4O8WqUzoeerwhbLGhkvloXEilDKgSzBJBgkqhkiG9w0BCQ4x
PDA6MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAZBgNVHREEEjAQgg52
aWRlb2JhYmJlbC5ubDAKBggqhkjOPQQDAgNHADBEAiBZiYgUsL1V2BDsdYXBDFLV
wK1dRItqhCp8AUN8etm44wIgZPqo3xrQXEn12iIa09Xsyu+yIy6s8yxG5/m8X5/s
gLw=
-----END CERTIFICATE REQUEST-----
-----BEGIN EC PRIVATE KEY-----
[EDITED TO REMOVE - @mcpherrinm ]
-----END EC PRIVATE KEY-----

This is the final contents of the example.pem file

My request:
Please add the option --haproxy to generate a good working .pem file that can be used direct in Haproxy
many users strucle to make this .pem file and the new .acme is not able to

2

Your post was automatically flagged because you posted a private key.

I have removed it from your post, and blocked the key in Let's Encrypt systems.

5 Likes
3

Should be raised as an issue to acme.sh. Here:

Why? cat file1 file2 > file3really isn't hard.

What do you mean, "the new .acme"? acme.sh has been around for quite a long time at this point, and AFAIK it's never hard this feature. If you think it should, the link above would be the place to raise it.

5 Likes
4

acme.sh --issue -d example.coml --nginx ... isn't mentioned in the guide there. They instead mention the haproxy deploy hook. That script automatically creates the combined cert+key PEM file.

I use the haproxy deploy hook at work with DEPLOY_HAPROXY_HOT_UPDATE=yes and it's been working well for us.

5 Likes
5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.