I have been trying to deploy a SSL/SNI configuration with HAProxy 1.5 (1.5.8-3+deb8u2 to be specific) and although it does work (I can start, stop and restart the service) the configuration check always reports the following:
$ /usr/sbin/haproxy -c -f /etc/haproxy/haproxy.cfg
[ALERT] 179/141417 (14223) : parsing [/etc/haproxy/haproxy.cfg:68] : ‘bind xxx.xxx.xxx.xxx:443’ : unable to load SSL private key from PEM file ‘/etc/haproxy/ssl/xxx.xxx.xxx.xxx/’.
[ALERT] 179/141417 (14223) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
[ALERT] 179/141417 (14223) : Proxy ‘xxx.xxx.xxx.xxx_https’: no SSL certificate specified for bind ‘xxx.xxx.xxx.xxx:443’ at [/etc/haproxy/haproxy.cfg:68] (use ‘crt’).
[ALERT] 179/141417 (14223) : Fatal errors found in configuration.
I cannot for the life of me find out why this error is generated.
I have tried multiple ways of sorting the order of the certificates and keys. Some of them are definitely not correct as HAProxy wont start but the current order (cert -> key -> intermediate) works.
The weird thing is that this configuration “works”, its just that the error wont go away.
Can anybody give me any insight as to why this is.