Situation: I’ve an haproxy between the outside world and the server.
The server itself has a letsencrypt certificate and it’s ok when directly exposed to the internet (I mean, when the router forwards 443 to the server’s 443).
To handle the need of haproxy, I’m trying to understand what to ‘chain’. Sorry if that is not the right term; kindly tell me the right ones.
This is what I am doing now.
cat /etc/letsencrypt/live/www.example.com/privkey.pem /etc/letsencrypt/live/www.example.com/fullchain.pem | tee /etc/letsencrypt/live/www.example.com/combined.pem
Then I copied the combined.pem into haproxy and configured haproxy to use this file:
bind *:443 ssl crt /etc/ssl/private/www.example.com/combined.pem
I used an online checker pointing to publicip:443, so it was haproxy responding.
The online checker approved it and sees the chain.
I’d just like confirmation that it is right.
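
A local check for the bundle described in the post, as an added example that is not part of the original post: it confirms the file holds one private key and at least one certificate, that the key matches the first (leaf) certificate, and that the leaf is not about to expire, which matters because a copied combined.pem does not follow Let's Encrypt renewals. The function name `check_combined_pem` and its return codes are hypothetical; it assumes the `openssl` command-line tool is installed and the key is unencrypted.

```shell
#!/bin/sh
# Added example (not from the original post): validate a HAProxy "crt" bundle.
# Usage: check_combined_pem FILE [MIN_SECONDS_LEFT]
# Returns 0 = usable, 1 = wrong block layout, 2 = key/leaf mismatch, 3 = leaf expiring.
check_combined_pem() {
    pem=$1
    min_left=${2:-0}
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 1; }

    # One private key plus at least one certificate must be present.
    keys=$(grep -c -e '-----BEGIN .*PRIVATE KEY-----' "$pem" || true)
    certs=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$pem" || true)
    if [ "$keys" -ne 1 ] || [ "$certs" -lt 1 ]; then
        echo "expected 1 key and >=1 certificate, found $keys and $certs" >&2
        return 1
    fi

    # Pull out the key block and the first certificate (the leaf in fullchain.pem).
    key=$(sed -n '/-----BEGIN .*PRIVATE KEY-----/,/-----END .*PRIVATE KEY-----/p' "$pem")
    leaf=$(awk '/-----BEGIN CERTIFICATE-----/{c++} c==1{print}
                c==1 && /-----END CERTIFICATE-----/{exit}' "$pem")

    # The public key derived from the private key must equal the leaf's public key.
    key_pub=$(printf '%s\n' "$key" | openssl pkey -passin pass: -pubout 2>/dev/null)
    leaf_pub=$(printf '%s\n' "$leaf" | openssl x509 -noout -pubkey 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$key_pub" != "$leaf_pub" ]; then
        echo "private key does not match the first certificate" >&2
        return 2
    fi

    # A copied bundle goes stale after renewal, so check remaining validity too.
    if ! printf '%s\n' "$leaf" | openssl x509 -noout -checkend "$min_left" >/dev/null; then
        echo "leaf certificate expires within $min_left seconds" >&2
        return 3
    fi
    echo "ok: $certs certificate(s), key matches leaf"
}

# Run the check when the script is given a file argument.
if [ "$#" -gt 0 ]; then check_combined_pem "$@"; fi
```

Running it from a certbot deploy hook after rebuilding combined.pem, and reloading HAProxy only on a zero exit status, keeps a mismatched or stale bundle from being served.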