Tutorials and FAQs / Re: Tutorial 2024/02: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating
« on: March 29, 2024, 04:36:36 pm »
Hello,
First of all I want to thank everyone in this community for the very helpful comments and descriptions, and TheHellSite for the beautiful tutorial and all the updates to it.
That being said, I'm here because I'm out of ideas and my head is about to explode. So I've followed the tutorial almost 2 years ago now and managed to get everything to work perfectly for my environment. But 2 days ago I decided to update OPNsense from 23.7.something to the newest version 24.4.4, like I've done many times in those past 2 years whenever I remembered to do it. But out of the not so many servers I have behind the HAProxy, one didn't work properly and gave me the famous error 503 Service Unavailable No server is available to handle this request. For context, this is a very, very old server which, due to reasons, works on Debian 6 and cannot be upgraded, with a self-signed OpenSSL cert for its Apache website, which makes it inaccessible unless you downgrade your browser TLS to 1 min. That's why I put this abomination behind my HAProxy so the site can be reached more easily. Without any changes (at least I'm not aware of any) to the configuration, it just stopped working after the update.
I guess my question is: did the update change anything about how OPNsense is connecting to real servers with SSL enabled (because the connection works if it's disabled, but then the site configuration becomes a problem) for old sites and servers, and in general where do I look to fix the issue (Apache on the server, OPNsense, HAProxy)? :'(