HAProxy with Let's Encrypt

Hello

I have searched the forums and found many similar questions but nothing that solves this.

I have 2 webservers (Apache) and HAProxy as LB in conjunction with keepalived. We use ISPConfig to manage and create websites. We use a VIP for load balancing. ISPConfig is set so that web-02 is a mirror of web-01.

When we point the public address directly to web-01 we can create certs just fine via ISPConfig. But for LB we need it to point to the VIP and it doesn't work. I'm testing this with some dry runs with certbot and I can create certs via web-01 but not via web-02. Let me know if you need more info.

Here is the haproxy config:

defaults
    log global
    option httplog
    option dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

# One TCP-mode frontend accepts both port 80 and port 443 and hands every
# connection to the same backend, so plain HTTP arriving on port 80 is also
# forwarded to the servers' port 443.
frontend http
    bind *:80
    bind *:443
    option tcplog
    mode tcp
    default_backend web.kh.vbm.se

backend web.kh.vbm.se
    balance roundrobin
    # clients are pinned to one server by source IP for 30 minutes
    stick-table type ip size 200k expire 30m
    stick on src
    option ssl-hello-chk
    mode tcp
    server web-01 192.168.11.100:443 check
    server web-02 192.168.11.101:443 check
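As an added example (not the poster's configuration, nor anything from ISPConfig or HAProxy's documentation), here is one way to split the frontend so that port 80 is handled in http mode, with Let's Encrypt HTTP-01 challenge requests pinned to the server that runs certbot, while port 443 keeps the existing TCP passthrough with the same stickiness. It assumes Apache listens on port 80 as well as 443 on both servers and that certbot runs on web-01; hostnames and addresses are taken from the post.

```haproxy
# Added example, not the poster's config. Assumes Apache listens on port 80
# on both servers and that certbot (and thus the challenge file) lives on web-01.
frontend http
    bind *:80
    mode http
    option httplog
    # HTTP-01 validation requests arrive on port 80 under this path
    acl acme_challenge path_beg /.well-known/acme-challenge/
    use_backend acme if acme_challenge
    default_backend web_http

frontend https
    bind *:443
    mode tcp
    option tcplog
    default_backend web.kh.vbm.se

backend acme
    mode http
    # web-02 is only a mirror, so the challenge file may not be there yet;
    # send validations to web-01 and use web-02 only if web-01 is down
    server web-01 192.168.11.100:80 check
    server web-02 192.168.11.101:80 check backup

backend web_http
    mode http
    balance roundrobin
    server web-01 192.168.11.100:80 check
    server web-02 192.168.11.101:80 check

backend web.kh.vbm.se
    mode tcp
    balance roundrobin
    stick-table type ip size 200k expire 30m
    stick on src
    option ssl-hello-chk
    server web-01 192.168.11.100:443 check
    server web-02 192.168.11.101:443 check
```

Check the result with `haproxy -c -f /etc/haproxy/haproxy.cfg` before reloading, and confirm with a certbot dry run against the VIP that the challenge reaches web-01.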