I have two Ubuntu servers, both running Docker, with a few containers on each listening on various network ports. I have two public domains but only one WAN IP address, so I need a reverse proxy to map requests using ACLs and point them to the corresponding backend server(s), and also to access the various services from their subdomains if I would like to access them via the standard HTTP(S) ports.
I would like to utilise both self-signed certificates using my own certificate authority but also have Let’s Encrypt certificates too. I want to do SSL termination with HAProxy which is installed on my router/firewall/gateway so that the servers don’t have to deal with SSL at all and will be easy to manage using ACME for Let’s Encrypt certificates.
My question is, does HAProxy support multiple certificates to the same server? For example, if the self-signed certificate was the first certificate listed in the config, as shown below, and my client had the CA certificate installed, would it use that certificate? However, if the CA certificate was not installed on the client, would it fail over to the Let's Encrypt certificate instead?
frontend www.mysite.com
    bind 10.0.0.3:80
    bind 10.0.0.3:443 ssl crt /etc/ssl/certs/mysite_self-signed.pem crt /etc/ssl/certs/mysite_letsencrypt.pem
    default_backend web_servers

backend web_servers
    server server1 10.0.1.3:443 check maxconn 20 ssl
Resources I have referred to: