I’ve inherited a Linux (RHEL) server running HAProxy, and the SSL cert for the sites it provides SSL termination for has expired. I’ve been issued a new cert and have it in a PEM file along with the certifying chain.
After digging around the innarwebz, I determined I needed to update haproxy.cfg to bind port 443 to the new cert. Running find produced 6 hits in directories that are pretty obviously date-time references. Looking in their containing directory, there’s a ‘current’ symbolic link to the most recent of the directories. That seemed pretty obvious, so I copied the PEM file to that directory and edited the port 443 line to:
bind :443 ssl crt /opt/ags/services/agsinternaltools/tools/AGSJenkinsMasterLB/2015_05_06_21.26.37/config/new-credential.pem
…and rebooted the server.
But when I hit the site in a browser, it still reports the cert is outdated.
My first guess is that I’m not modfying the right instance of haproxy.cfg.
How do I tell which config file HAProxy is reading?
Is there another step or steps to take that I’m missing?