Let's Encrypt and haproxy

Started by pingus, February 07, 2017, 02:29:03 PM

Hi

I'm testing OPNsense with haproxy and Let's Encrypt but it will not issue a certificate because the path is not found (http based).

It is not fully clear to me what Let's Encrypt is doing in http based issuing. Does it stop any web services on the firewall itself and then start its own web service to provide the necessary web path? If so, does it also stop the haproxy or is this not necessary?

Or, does it need the web server the certificate is for? Makes no sense to me because OPNsense is not able to write into the backend web server's http directory.

Many thanks for the clarification.

Either the challenge file needs to exist on the backend server or HAproxy would need to divert the folder LE uses to another directory hosting the challenge response file.

Hi guys,

The author of the LE and HAproxy plugin was hard at work to provide full integration between both plugins (LE -> HAproxy really). It is scheduled for release with OPNsense 17.1.1 on Thursday.


Cheers,
Franco

I've added some screenshots to the PR to demonstrate the upcoming HAProxy integration:
https://github.com/opnsense/plugins/pull/71

When enabled it will automatically add the required configuration to HAProxy (backend, server and action/ACL for acme challenge detection/redirection) and restart HAProxy if required. (The acme challenges will be served by a tiny webserver running on OPNsense.)


Regards
- Frank
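
The routing described in the post above (ACL for challenge detection, a dedicated backend and server), as an added illustration that is not part of the original thread and not the configuration the plugin generates. All names, addresses and ports are assumptions:

```haproxy
# Constructed example: frontend/backend names, IP addresses and ports
# are placeholders, not values taken from the OPNsense plugin.

frontend http_in
    bind :80
    mode http

    # HTTP-01 validation requests arrive on port 80 under this fixed prefix.
    # Matching the full prefix keeps every other path away from the local
    # challenge responder.
    acl is_acme_challenge path_beg /.well-known/acme-challenge/

    # Only challenge requests are diverted; HAProxy keeps running and
    # no backend web server has to hold the challenge file.
    use_backend acme_challenge_backend if is_acme_challenge

    # All remaining traffic goes to the regular web servers.
    default_backend web_servers

backend acme_challenge_backend
    mode http
    # Hypothetical small web server on the firewall that serves the
    # challenge files. Bound to loopback so it is reachable only
    # through the ACL above.
    server acme_local 127.0.0.1:8080

backend web_servers
    mode http
    # Placeholder backend (documentation address range).
    server web1 192.0.2.10:80 check
```

If the frontend redirects HTTP to HTTPS, the `use_backend` rule has to take effect before that redirect, or the validation request never reaches the challenge responder.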

Wow, what a great community and fast developers! I guess I should stay with OPNsense :D ;)