Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.1 Legacy Series
»
Let's Encrypt and haproxy
« previous
next »
Print
Pages: [
1
]
Author
Topic: Let's Encrypt and haproxy (Read 5802 times)
pingus
Newbie
Posts: 25
Karma: 2
Let's Encrypt and haproxy
«
on:
February 07, 2017, 02:29:03 pm »
Hi
I'm tesing OPNsense with haproxy and Let's Encrypt but it will not issue a certificate because the path is not found (http based).
It is not fully clear to me what Let's Encrypt is doing in http based issuing. Do it stop any web services on the firewall itself and then start it's own webservice to provide the necessary web path? If so, does it also stop the haproxy or is this not necessary?
Or, does it need the web server the certificate is for? Makes no sense to me because OPNsense is not able to write into the backend webservers http directory.
Many thanks for the clarification.
Logged
dragon2611
Jr. Member
Posts: 94
Karma: 4
Re: Let's Encrypt and haproxy
«
Reply #1 on:
February 07, 2017, 03:56:16 pm »
Either the challange file needs to exist on the backend server or HAproxy would need to divert the folder LE uses to another directory hosting the challenge response file
Logged
franco
Administrator
Hero Member
Posts: 17665
Karma: 1611
Re: Let's Encrypt and haproxy
«
Reply #2 on:
February 07, 2017, 04:23:01 pm »
Hi guys,
The author of the LE and HAproxy plugin was hard at work to provide full integration between both plugins (LE -> HAproxy really). It is scheduled for release with OPNsense 17.1.1 on Thursday.
Cheers,
Franco
Logged
fraenki
Full Member
Posts: 175
Karma: 29
Re: Let's Encrypt and haproxy
«
Reply #3 on:
February 07, 2017, 04:40:35 pm »
I've added some screenshots to the PR to demonstrate the upcoming HAProxy integration:
https://github.com/opnsense/plugins/pull/71
When enabled it will automatically add the required configuration to HAProxy (backend, server and action/ACL for acme challenge detection/redirection) and restart HAProxy if required. (The acme challenges will be served by a tiny webserver running on OPNsense.)
Regards
- Frank
Logged
pingus
Newbie
Posts: 25
Karma: 2
Re: Let's Encrypt and haproxy
«
Reply #4 on:
February 07, 2017, 08:19:23 pm »
Wow, what a great community and fast developers! I guess i should stay with opnsense
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
17.1 Legacy Series
»
Let's Encrypt and haproxy