HAProxy community

Hot update client certs

My configuration
Haproxy version - 2.1.4

global
    log _log local0 debug
    stats socket haproxy.sock level admin

defaults
    log global
    mode http
    option httplog
    timeout connect 10s
    timeout client 30s
    timeout server 30s

listen stats
    bind :1936
    mode http
    stats enable
    stats hide-version
    stats realm Haproxy\ Statistics
    stats uri /

frontend website
    bind :8998 ssl crt finalcert.pem
    default_backend goserver

backend goserver
    balance roundrobin
    option httpchk GET /
    server server1 127.0.0.1:8999 check maxconn 30

When I have new certificates, I tried this:
echo -e "set ssl cert finalcert.pem <<\n$(cat <dir_path>/morecertificates.pem)\n" | socat stdio haproxy.sock
echo "commit ssl cert finalcert.pem" | socat stdio haproxy.sock

The morecertificates.pem = finalcert.pem+

Would the above commands add the certificate to the runtime?

Any reply is appreciated

Are you adding new certificates or replacing existing ones?

Please read:

https://cbonte.github.io/haproxy-dconv/2.1/management.html#set%20ssl%20cert

and

https://cbonte.github.io/haproxy-dconv/2.1/management.html#commit%20ssl%20cert

I am adding new certificates

You cannot do this with the functionality in 2.1.

Please see:

Thanks for the clarification
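
The replace transaction that `set ssl cert` and `commit ssl cert` perform on an already-loaded certificate, as an added example that is not part of any post in this thread. `SOCK`, the function names and the reply strings it matches are assumptions; it goes slightly beyond the posted commands by stripping blank lines from the bundle (an empty line ends the `<<` payload) and aborting the transaction if the commit is not acknowledged.

```sh
#!/bin/sh
# Added example, not code from the thread. SOCK, the function names and the
# reply strings matched below are assumptions; check what your build prints.
SOCK="${SOCK:-haproxy.sock}"

# Print a "set ssl cert" command that replaces the content of a certificate
# HAProxy already has loaded as $1 with the PEM bundle in file $2.
# The "<<" payload ends at the first empty line, so blank lines and CRs in
# the bundle are stripped and exactly one terminating empty line is added.
build_set_cmd() {
    [ -s "$2" ] || { echo "missing or empty bundle: $2" >&2; return 1; }
    grep -q -e '-----BEGIN ' "$2" ||
        { echo "no PEM block in $2" >&2; return 1; }
    printf 'set ssl cert %s <<\n' "$1"
    tr -d '\r' < "$2" | grep -v '^[[:space:]]*$'
    printf '\n'
}

# Stage the new content, then commit it. If the commit is not acknowledged,
# abort so no half-finished transaction stays pending on the socket.
replace_cert() {
    build_set_cmd "$1" "$2" > /dev/null || return 1
    reply="$(build_set_cmd "$1" "$2" | socat stdio "$SOCK")"
    echo "$reply"
    case "$reply" in
        *"Transaction created"*) ;;
        *) return 1 ;;
    esac
    reply="$(echo "commit ssl cert $1" | socat stdio "$SOCK")"
    echo "$reply"
    case "$reply" in
        *Success*) return 0 ;;
    esac
    echo "abort ssl cert $1" | socat stdio "$SOCK"
    return 1
}

# Usage: replace_cert finalcert.pem /path/to/new-bundle.pem
```

The runtime change lives only in memory; write the same bundle to the file on disk as well so a reload does not bring the old certificate back.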