SSL handshake failure error:0A000416

I’m using Cloudflare’s SSL certificate on my webserver
I have configured HAProxy front section as below:

listen front
mode http
bind *:443 ssl crt /etc/haproxy/certs/

and I’ve put my concatenated certificate files in the path: /etc/haproxy/certs/
but when I try to use some pages on my website I’m getting this error in the logs:

front/1: SSL handshake failure (error:0A000416:SSL routines::sslv3 alert certificate unknown)

A file must contain a single cert (concatenated with intermediate certs and private key), however it must not contain multiple certs.

The certificate files are concatenated and each file contains just one certificate.
I’ve concatenated Private key + FullChain key into a file for those which I’ve created with Cloudflare bot, and I’ve concatenated Private key + Public key + CA root key for those which I’ve created on the Cloudflare origin certificate page.
And I’m using the last version of HAProxy.

The sequence in the file needs to be:

cert + intermediate cert(s) + private key

<actual cert>
<intermediate cert>
<private key>
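
A layout check for the file order given in the reply above, as an added example that is not code from the thread or from HAProxy. It generalizes slightly by also flagging several private keys in one file; the sample blocks and the names `check_bundle` and `pem_labels` are constructed for illustration.

```python
import re
import sys

# One PEM block; group 1 is its label, e.g. "CERTIFICATE" or "RSA PRIVATE KEY".
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.S)

def pem_labels(text):
    """Return the labels of all PEM blocks in file order."""
    return [m.group(1) for m in PEM_BLOCK.finditer(text)]

def check_bundle(text):
    """Return layout problems; an empty list means certs first, one key last.

    Only block labels are inspected: this cannot tell a second leaf cert
    from an intermediate, and it does not verify that the key matches.
    """
    labels = pem_labels(text)
    certs = [i for i, l in enumerate(labels) if l == "CERTIFICATE"]
    keys = [i for i, l in enumerate(labels) if l.endswith("PRIVATE KEY")]
    problems = []
    if not certs:
        problems.append("no certificate block")
    if not keys:
        problems.append("no private key block")
    if len(keys) > 1:
        problems.append("more than one private key: several bundles in one file?")
    if certs and keys and min(keys) < max(certs):
        problems.append("private key appears before a certificate")
    return problems

def _block(label, body="Q09OU1RSVUNURUQ="):
    # Constructed placeholder block, not real key or certificate material.
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

GOOD = _block("CERTIFICATE") + _block("CERTIFICATE") + _block("PRIVATE KEY")
KEY_FIRST = _block("RSA PRIVATE KEY") + _block("CERTIFICATE") + _block("CERTIFICATE")
TWO_BUNDLES = GOOD + GOOD

if __name__ == "__main__":
    # Pass bundle paths as arguments; with none, the constructed samples run.
    if sys.argv[1:]:
        inputs = [(p, open(p, encoding="ascii", errors="replace").read())
                  for p in sys.argv[1:]]
    else:
        inputs = [("GOOD", GOOD), ("KEY_FIRST", KEY_FIRST), ("TWO_BUNDLES", TWO_BUNDLES)]
    for name, text in inputs:
        print(name, pem_labels(text), check_bundle(text) or "layout ok")
```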

Now I’m using the format you provided, but I have another problem.
HAProxy detects the path, but the link is not working. I checked the log files and it looks like this:

front~ sub/srv1 0/0/0/0/0 307 137 - - ---- 1/1/0/0/0 0/0 "GET /first_part_of_path/Second_part_of_path HTTP/1.1"

and this is my config:

acl is_sub path_beg /first_part_of_path/
use_backend sub if is_sub

backend sub
mode http
server srv1

The log file confirms that it is routing /first_part_of_path/ to server srv1 of backend sub, exactly as the configuration implies.

I don’t know what “link is not working” means.

Haproxy doesn’t do any rewriting here. The server will see /first_part_of_path/Second_part_of_path as path.


Actually this link is for the X-UI panel of the V2ray family of VPN services. This link is for the subscription part; it must return the list of the configurations when the user hits the Update Subscription button on the client side,
but when the user does that, the client returns a failure message.