HAProxy community

Ignore autosigned Certificate

Good afternoon,

I have a HAProxy mounted on a Debian 10 (HA-Proxy version 2.0.7-1 ~ bpo10 + 1 2019/09/28) with Certbot 0.31.0 and wildcard certificate for my domain, what I need is one of the backend ( specifically it is a SMC Sophos with a self-signed certificate) ignore the self-signed certificate and can use the HAProxy to expose the service with the wildcard certificate, I have tried everything and there is no way to make it work, any ideas? please help!

frontend smc_Front
bind ssl crt /etc/haproxy/certs/domain.com.pem
http-request set-header X-Forwarded-Proto https
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
use_backend letsencrypt-backend if letsencrypt-acl
default_backend smc-backend

backend smc-backend
redirect scheme https if !{ ssl_fc }
server smc check ssl verify none

Thanks for your help!


What do you see in the logs? Is the backend up? What happens if you disable health checks (and why are you using health checks in the first place, if there is only a single server)?

Does your backend perhaps need a SNI header in the client hello?

What happens if you curl it:

curl -kvv

Any help? please!

Looks like it already works. Can you respond to the questions above and elaborate what doesn’t work?