Using acme.sh to get certificate for haproxy

haproxy 2.8
I'm following instructions in a wiki and I'm at the point where I obtain the certificates.

root@ubuntu:~# sudo -u acme -s
acme@ubuntu2204:~$ acme.sh --issue -d domain1.com --stateless

Before launching this command, I'm thinking about the number of domains I actually would like to have in my certificate: mail, imap, www, some.other.domain, etc.

How can I combine them here into one certificate? Give multiple -d arguments?

Yes, but did you configure HAProxy for stateless?


Yes, but did you configure HAProxy for stateless?

I'm following the instructions in the cited Wiki and I think the advised configuration changes provide for this mode ("stateless"). It is mentioned there.

The process of fetching the certificates using acme.sh seemed to have worked.
The certificates were placed into /var/lib/acme/.acme.sh/www.mydomain.org_ecc/.

Also the subsequent deployment seemed to have worked:

/etc/haproxy/certs/www.mydomain.org.pem

So far so good, but

root@mail# echo "show ssl cert /etc/haproxy/certs/www.mydomain.org.pem" | socat /var/run/haproxy/admin.sock -
Can't display the certificate: Not found or the certificate is a bundle!

Hmm. Got so far, but finally didn't succeed.
Maybe because I have a bundle for a couple of domain names?

I don't have experience with HAProxy and we don't see it often at this forum. While you wait to see if anyone else here can help, you could try posting this at the HAProxy GitHub or their forum. You said you got a cert so that's our main priority here. How HAProxy uses it might be more clearly answered by their experts.

And, review the various options for the show ssl command as a possible debug aid
http://docs.haproxy.org/dev/management.html#9.3-show%20ssl%20cert
