I’m using Cloudflare’s SSL certificate on my webserver
I have configured HAProxy front section as below:
bind *:443 ssl crt /etc/haproxy/certs/
and I’ve put my concatenated certificate files in the path: /etc/haproxy/certs/
But when I try to use some pages on my website I’m getting this error in the logs:
front/1: SSL handshake failure (error:0A000416:SSL routines::sslv3 alert certificate unknown)
A file must contain a single cert (concatenated with intermediate certs and private key), however it must not contain multiple certs.
The certificate files are concatenated and each file contains just one certificate.
I’ve concatenated Private key + FullChain key into a file for those which I’ve created with Cloudflare bot, and I’ve concatenated Private key + Public key + CA root key for those which I’ve created on the Cloudflare origin certificate page.
And I’m using the last version of HAProxy.
The sequence in the file needs to be:
cert + intermediate cert(s) + private key
-----BEGIN EC/RSA PRIVATE KEY-----
-----END EC/RSA PRIVATE KEY-----
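A quick layout check for the bundle order given in the reply above (cert, then intermediate cert(s), then private key). This is an added example, not part of the original thread; the function names and the sample PEM blocks are constructed, and the script only inspects PEM block labels, it does not parse the certificates themselves.

```python
import re
import sys

# One PEM block; group 1 is its label, e.g. "CERTIFICATE" or "EC PRIVATE KEY".
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL
)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}


def pem_labels(text):
    """Return the labels of all PEM blocks in file order."""
    return [m.group(1) for m in PEM_BLOCK.finditer(text)]


def check_bundle(text):
    """Return a list of layout problems; an empty list means the order matches."""
    labels = pem_labels(text)
    cert_pos = [i for i, l in enumerate(labels) if l == "CERTIFICATE"]
    key_pos = [i for i, l in enumerate(labels) if l in KEY_LABELS]
    other = [l for l in labels if l != "CERTIFICATE" and l not in KEY_LABELS]
    problems = []
    if not cert_pos:
        problems.append("no CERTIFICATE block")
    if len(key_pos) != 1:
        problems.append(f"expected exactly 1 private key, found {len(key_pos)}")
    if other:
        problems.append("unexpected block(s): " + ", ".join(other))
    # Order from the thread: every certificate precedes the private key.
    if cert_pos and key_pos and key_pos[0] < cert_pos[-1]:
        problems.append("private key appears before a certificate")
    return problems


def _block(label, body="QUJDRA=="):
    """Build a constructed PEM block with a dummy body (not a real cert or key)."""
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


# Constructed samples: one in the expected order, one with the key first.
GOOD = _block("CERTIFICATE") + _block("CERTIFICATE") + _block("EC PRIVATE KEY")
KEY_FIRST = _block("PRIVATE KEY") + _block("CERTIFICATE")

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, encoding="ascii", errors="replace") as fh:
            print(path, check_bundle(fh.read()) or "layout OK")
```

Run it with the bundle files as arguments. Because only labels are inspected, it cannot tell a second leaf certificate from an intermediate, nor confirm that the key matches the certificate.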
Now I’m using the format you provided, but I have another problem.
HAProxy detects the path, but the link is not working. I checked the log files and it looks like this:
front~ sub/srv1 0/0/0/0/0 307 137 - - ---- 1/1/0/0/0 0/0 "GET /first_part_of_path/Second_part_of_path HTTP/1.1"
and this is my config:
acl is_sub path_beg /first_part_of_path/
use_backend sub if is_sub
server srv1 127.0.0.1:port
The log file confirms that it is routing /first_part_of_path/ to server srv1 of backend sub, exactly as the configuration implies.
I don’t know what "link is not working" means.
Haproxy doesn’t do any rewriting here. The server will see /first_part_of_path/Second_part_of_path as path.
Actually this link is for the X-UI panel of the V2ray family of VPN services. This link is for the subscription part; it must return the list of the configurations when the user hits the Update Subscription button on the client side,
but when the user does that, the client returns a failure message.