Hi,
I am trying to follow this nice guide: Automate HAProxy Let's Encrypt Certificates with acme.sh, and even if I reduce my configuration to the minimum, haproxy refuses to start.
It is mentioned explicitly in the guide: “The strict-sni keyword will allow you to start HAProxy with the empty directory,” which is my case, as I haven’t generated the first certificate yet and tried to restart haproxy (last command here: Automate HAProxy Let's Encrypt Certificates with acme.sh).
haproxy version is 3.2.5-ba0fd6b on FreeBSD 14.3

    global
        default-path config
        zero-warning
        chroot /var/empty
        user haproxy
        group haproxy
        hard-stop-after 5m
        stats socket /var/run/haproxy-svc1.sock level admin mode 660
        setenv ACCOUNT_THUMBPRINT 'xxxxxxxxxxxxxxx'
        stats timeout 1h
        log stderr local0 info

    defaults http
        mode http
        option httplog
        log global
        timeout client 1m
        timeout server 1m
        timeout connect 10s
        timeout http-keep-alive 2m
        timeout queue 15s
        timeout tunnel 4h # for websocket

    frontend web
        bind :80
        bind :443 ssl crt /usr/local/etc/certs strict-sni
        http-request return status 200 content-type text/plain lf-string "%[path,field(-1,/)].${ACCOUNT_THUMBPRINT}\n" if { path_beg '/.well-known/acme-challenge/' }
        default_backend app1

    backend app1
        balance roundrobin
        option abortonclose
        server srv1 10.10.10.10:8080 maxconn 100 check inter 1s

    [WARNING] (99321) : Proxy 'web': no SSL certificate specified for bind ':443' at [/usr/local/etc/haproxy.conf:26], ssl connections will fail (use 'crt').

I already checked that I have permission to read/write to the certs. It seems very straightforward in the guide; I must be missing something…
Many thanks