OPNsense Forum

Archive => 19.1 Legacy Series => Topic started by: abij on February 05, 2019, 07:10:34 pm

Title: Renew Letsencrypt cert on server behind Opnsense router (haproxy w/ send_proxy)
Post by: abij on February 05, 2019, 07:10:34 pm

My web server (only one server active when renewing the cert) is behind an Opnsense router with haproxy. Haproxy was set up with "Option pass-through: Add send-proxy" under the "Real Servers" tab. This is used for logging the real IPs of those who visited my website. But when send_proxy is present as a pass-through option, the Letsencrypt cert (on the server, not the Opnsense router) has difficulties renewing itself. It will show the error "Type: connection Detail: Error getting validation data".

As soon as I turn off "Option pass-through: Add send-proxy", I can renew the cert without problems. So this means I cannot use crontab to auto-renew the certificate; rather, I have to turn send_proxy off and on whenever I have to renew a cert.

I was wondering if there is an automatic way of keeping send_proxy while renewing the Letsencrypt cert.