OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 18.7 Legacy Series »
  • HA-Proxy problem: error_ssl_protocol
« previous next »
  • Print
Pages: [1]

Author Topic: HA-Proxy problem: error_ssl_protocol  (Read 1729 times)

ruggerio

  • Sr. Member
  • ****
  • Posts: 289
  • Karma: 11
    • View Profile
HA-Proxy problem: error_ssl_protocol
« on: November 27, 2018, 12:07:39 pm »
Hi,

I installed 2 backend-servers, one with ssl, one with nossl. I installed 1 frontend for both, with actions and conditions. HAProxy works, but if i want to connect via wan, i get a ssl-error in my browser.

The certificate still is on my server, it's a letsencrypt-cert. I think, i did someting wrong in the config. Does the webserver (the backend) still need a certificate? Or does this error come because of not having an official cert (not a selfsigned one)?

I think, except this, it would work...

Thx!
Logged

Kevo

  • Newbie
  • *
  • Posts: 25
  • Karma: 1
    • View Profile
Re: HA-Proxy problem: error_ssl_protocol
« Reply #1 on: December 02, 2018, 07:08:22 pm »
When you say connecting via WAN, you mean from the internet to your opnsense box where haproxy is running? So you are connecting to a frontend from outside and getting the SSL error in your browser? Seems like your haproxy doesn't have a valid cert. Did you setup let's encrypt to give certs to haproxy?

I don't recall the specifics but when I set mine up I had to put some ACLs or conditions in place so haproxy could direct the acme stuff to the right place to allow let's encrypt to handle it's validation.

I think the plugin handles most of this, but if you have other rules or acls they can interfere or take precedence. I had multiple domains to deal with so I had to structure everything properly or the acme stuff would fail to validate.

Maybe if you posted more specifics I could give you better direction, but hopefully that helps get you moving in the right direction.
Logged

ruggerio

  • Sr. Member
  • ****
  • Posts: 289
  • Karma: 11
    • View Profile
Re: HA-Proxy problem: error_ssl_protocol
« Reply #2 on: December 03, 2018, 08:16:01 pm »
The thing is, that haproxy has no certifkcate from acme at all.

It is on the backendserver already installed.
Logged

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 18.7 Legacy Series »
  • HA-Proxy problem: error_ssl_protocol
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2