Hello everyone.
I need help with using the lua-acme to generate certificates.
I followed this guide -> https://www.haproxy.com/de/blog/lets-encrypt-acme2-for-haproxy/
But it is not really well explained. From where do I get the letsencrypt-x3-ca-chain.pem?
I think this is thte problem why it is not working for me.
relevant log entries
Mar 10 17:49:08 anx-testlb0501 haproxy[29550]: 00000000:acme.accept(0009)=001d from [127.0.0.1:40610] ALPN=
Mar 10 17:49:08 anx-testlb0501 haproxy[29550]: 00000000:acme.clireq[001d:ffffffff]: POST /acme/order HTTP/1.1
Mar 10 17:49:08 anx-testlb0501 haproxy[29550]: 00000000:acme.clihdr[001d:ffffffff]: host: 127.0.0.1:9011
Mar 10 17:49:08 anx-testlb0501 haproxy[29550]: 00000000:acme.clihdr[001d:ffffffff]: authorization: Basic YWNtZTphY21l
Mar 10 17:49:08 anx-testlb0501 haproxy[29550]: 00000000:acme.clihdr[001d:ffffffff]: user-agent: curl/7.52.1
Mar 10 17:49:08 anx-testlb0501 haproxy[29550]: 00000000:acme.clihdr[001d:ffffffff]: accept: /
Mar 10 17:49:08 anx-testlb0501 haproxy[29550]: 00000000:acme.clihdr[001d:ffffffff]: content-length: 5491
Mar 10 17:49:08 anx-testlb0501 haproxy[29550]: 00000000:acme.clihdr[001d:ffffffff]: expect: 100-continue
Mar 10 17:49:08 anx-testlb0501 haproxy[29550]: 00000000:acme.clihdr[001d:ffffffff]: content-type: multipart/form-data; boundary=------------------------adb21e245d3e4676
Mar 10 17:49:08 anx-testlb0501 haproxy[29550]: 00000002:acme-ca.accept(000a)=001e from [127.0.0.1:41240] ALPN=
Mar 10 17:49:08 anx-testlb0501 haproxy[29550]: 00000002:acme-ca.clireq[001e:ffffffff]: GET /directory HTTP/1.1
Mar 10 17:49:08 anx-testlb0501 haproxy[29550]: 00000002:acme-ca.clihdr[001e:ffffffff]: host: 127.0.0.1:9012
Mar 10 17:49:08 anx-testlb0501 haproxy[29550]: 00000002:acme-ca.clihdr[001e:ffffffff]: accept: /
Mar 10 17:49:08 anx-testlb0501 haproxy[29550]: 00000002:acme-ca.clihdr[001e:ffffffff]: user-agent: haproxy-lua-http/1.0
Mar 10 17:49:08 anx-testlb0501 haproxy[29550]: fd[001f] OpenSSL error[0x1416f086] tls_process_server_certificate: certificate verify failed
Mar 10 17:49:10 anx-testlb0501 haproxy[29550]: fd[001f] OpenSSL error[0x1416f086] tls_process_server_certificate: certificate verify failed
Mar 10 17:49:11 anx-testlb0501 haproxy[29550]: fd[001f] OpenSSL error[0x1416f086] tls_process_server_certificate: certificate verify failed
Mar 10 17:49:12 anx-testlb0501 haproxy[29550]: fd[001f] OpenSSL error[0x1416f086] tls_process_server_certificate: certificate verify failed
Mar 10 17:49:12 anx-testlb0501 haproxy[29553]: 127.0.0.1:41240 [10/Mar/2020:17:49:08.114] acme-ca acme-ca/ca 0/0/-1/-1/4881 503 221 - - SC-- 2/1/0/0/3 0/0 “GET /directory HTTP/1.1”
Mar 10 17:49:12 anx-testlb0501 haproxy[29553]: 127.0.0.1:41240 [10/Mar/2020:17:49:08.114] acme-ca acme-ca/ca 0/0/-1/-1/4881 503 221 - - SC-- 2/1/0/0/3 0/0 “GET /directory HTTP/1.1”
Mar 10 17:49:12 anx-testlb0501 haproxy[29550]: 00000002:acme-ca.clicls[001e:adfd]
Mar 10 17:49:12 anx-testlb0501 haproxy[29550]: 00000002:acme-ca.closed[001e:adfd]
Mar 10 17:49:12 anx-testlb0501 haproxy[29550]: 00000001:LUA-SOCKET.srvcls[ffffffff:adfd]
Mar 10 17:49:12 anx-testlb0501 haproxy[29550]: 00000001:LUA-SOCKET.clicls[ffffffff:adfd]
Mar 10 17:49:12 anx-testlb0501 haproxy[29550]: 00000001:LUA-SOCKET.closed[ffffffff:adfd]
Thank you!!