HA-Proxy problem: error_ssl_protocol

Started by ruggerio, November 27, 2018, 12:07:39 PM

Hi,

I installed 2 backend servers, one with SSL, one without SSL. I installed 1 frontend for both, with actions and conditions. HAProxy works, but if I want to connect via WAN, I get an SSL error in my browser.

The certificate is still on my server; it's a Let's Encrypt cert. I think I did something wrong in the config. Does the webserver (the backend) still need a certificate? Or does this error come because of not having an official cert (not a self-signed one)?

I think, except this, it would work...

Thx!

When you say connecting via WAN, you mean from the internet to your OPNsense box where HAProxy is running? So you are connecting to a frontend from outside and getting the SSL error in your browser? Seems like your HAProxy doesn't have a valid cert. Did you set up Let's Encrypt to give certs to HAProxy?

I don't recall the specifics, but when I set mine up I had to put some ACLs or conditions in place so HAProxy could direct the ACME stuff to the right place to allow Let's Encrypt to handle its validation.

I think the plugin handles most of this, but if you have other rules or ACLs they can interfere or take precedence. I had multiple domains to deal with, so I had to structure everything properly or the ACME stuff would fail to validate.

Maybe if you posted more specifics I could give you better direction, but hopefully that helps get you moving in the right direction.

The thing is that HAProxy has no certificate from ACME at all.

It is already installed on the backend server.