Haproxy serving wrong SSL certificate for a subdomain

bend66 · May 18, 2016, 12:18pm

I have a Server that runs haproxy to redirect incoming traffic to the correct process based on the subdomain. haproxy is configured to use different SSL certificates depending on the subdomain.

The configuration works, however sometimes (quite often though), haproxy serves the wrong certificate (it serves the certificate of another subdomain). I have to refresh the page multiple times in order to get the correct one.

I don’t know if it’s more probable, but it looks like haproxy is not getting the correct subdomain in the request

Here is my haproxy configuration: http://pastebin.com/WZhd2e52

lukastribus · May 18, 2016, 3:16pm

I assume wiki.xxx and files.xxx.com are the same IP. This cannot work, the kernel is load-balancing between the 2 frontends.

If you have 1 IP with port 443, you need to use a single frontend.

bend66 · May 19, 2016, 10:07am

Indeed they use the same Ip, I fixed it by using one frontend like you said and using sni for using the correct backend.
Thanks!

Topic		Replies	Views
Randomly issuing the wrong certificate Help!	1	1342	July 17, 2018
Ssl certificate verify on specific domain with SNI Help!	7	4010	October 5, 2017
[SOLVED] One IP, fistful of domains, pack of subdomains and HAProxy in front of it Help!	12	2590	November 4, 2018
Strange behavior observed with SNI Help!	1	125	August 17, 2023
Configuring HAProxy with servers that have unique SAN certs Help!	1	115	March 4, 2024

Haproxy serving wrong SSL certificate for a subdomain

Related Topics