Using .acme.sh no option for Haproxy

After setup following this tutorial: HAProxy and Let’s Encrypt: Improved Support in acme.sh I tried to make a .pem certificate for Haproxy.

In the given sentence acme.sh --issue -d example.coml --nginx --server letsencrypt_test
--nginx is accepted and it generate in the /home/user/,acme.sh/example.com_ecc/ the certificates example.com.csr and example.com.key
Combine the two files with cat give:

-----BEGIN CERTIFICATE REQUEST-----
MIIBHjCBxgIBADAZMRcwFQYDVQQDDA52aWRlb2JhYmJlbC5ubDBZMBMGByqGSM49
AgEGCCqGSM49AwEHA0IABPcWU5ehHt/rsitr2TSfDblQsBDIBQd9ofIYhLDoY2CT
trvYLuJfzj3V09DW4O8WqUzoeerwhbLGhkvloXEilDKgSzBJBgkqhkiG9w0BCQ4x
PDA6MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAZBgNVHREEEjAQgg52
aWRlb2JhYmJlbC5ubDAKBggqhkjOPQQDAgNHADBEAiBZiYgUsL1V2BDsdYXBDFLV
wK1dRItqhCp8AUN8etm44wIgZPqo3xrQXEn12iIa09Xsyu+yIy6s8yxG5/m8X5/s
gLw=
-----END CERTIFICATE REQUEST-----
-----BEGIN EC PRIVATE KEY-----
[EDITED TO REMOVE - @mcpherrinm ]
-----END EC PRIVATE KEY-----

This is the final contents of the example.pem file

My request:
Please add the option --haproxy to generate a good working .pem file that can be used direct in Haproxy
many users strucle to make this .pem file and the new .acme is not able to

Your post was automatically flagged because you posted a private key.

I have removed it from your post, and blocked the key in Let's Encrypt systems.

5 Likes

Should be raised as an issue to acme.sh. Here:

Why? cat file1 file2 > file3really isn't hard.

What do you mean, "the new .acme"? acme.sh has been around for quite a long time at this point, and AFAIK it's never hard this feature. If you think it should, the link above would be the place to raise it.

5 Likes

acme.sh --issue -d example.coml --nginx ... isn't mentioned in the guide there. They instead mention the haproxy deploy hook. That script automatically creates the combined cert+key PEM file.

I use the haproxy deploy hook at work with DEPLOY_HAPROXY_HOT_UPDATE=yes and it's been working well for us.

5 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.