Setting up imaps with haproxy and local certs?

Slowly going crazy here…
have setup haproxy using this Set Up SMTP and IMAP Proxy with HAProxy (Debian, Ubuntu, CentOS)

it gets part of the way there, but I want to use my letsencrypt cert that I have available on the proxy box instead of trying to convince my internal dovecot to provide imaps - so basically offload SSL at the proxy

but I have no idea how to tell haproxy to provide imap:993 with the correct certs?

Probably just failing to read the rtfm properly

Also want to do the same with smtps:465

because someone might find this…

I fixed it by

  • merging fullchain and key into a cert - eg. cat /etc/letsencrypt/live/ /etc/letsencrypt/live/ | tee /etc/haproxy/

  • referring to this combined pem file in the config e.g. bind *:993 ssl crt /etc/haproxy/

This only works for ports with implicit SSL. It cannot work with STARTTLS based approaches: