OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: ruggerio on November 27, 2018, 12:07:39 pm

Title: HA-Proxy problem: error_ssl_protocol
Post by: ruggerio on November 27, 2018, 12:07:39 pm
Hi,

I installed 2 backend servers, one with SSL, one with no SSL. I installed 1 frontend for both, with actions and conditions. HAProxy works, but if I want to connect via WAN, I get an SSL error in my browser.

The certificate is still on my server; it's a Let's Encrypt cert. I think I did something wrong in the config. Does the webserver (the backend) still need a certificate? Or does this error come because of not having an official cert (not a self-signed one)?

I think, except this, it would work...

Thx!

Title: Re: HA-Proxy problem: error_ssl_protocol
Post by: Kevo on December 02, 2018, 07:08:22 pm
When you say connecting via WAN, you mean from the internet to your OPNsense box where HAProxy is running? So you are connecting to a frontend from outside and getting the SSL error in your browser? Seems like your HAProxy doesn't have a valid cert. Did you set up Let's Encrypt to give certs to HAProxy?

I don't recall the specifics, but when I set mine up I had to put some ACLs or conditions in place so HAProxy could direct the ACME stuff to the right place to allow Let's Encrypt to handle its validation.

I think the plugin handles most of this, but if you have other rules or ACLs they can interfere or take precedence. I had multiple domains to deal with, so I had to structure everything properly or the ACME stuff would fail to validate.

Maybe if you posted more specifics I could give you better direction, but hopefully that helps get you moving in the right direction.

Title: Re: HA-Proxy problem: error_ssl_protocol
Post by: ruggerio on December 03, 2018, 08:16:01 pm
The thing is that HAProxy has no certificate from ACME at all.

It is already installed on the backend server.