I will start out by saying I am in no way an expert in SSL or haproxy. We are trying out haproxy, and so far we love it. A big thank you to all the people who have worked on this project.
We have installed HAproxy to test and it works well on our sites.
We are trying to set up SSL and have a bit of an issue.
GoDaddy is where our cert comes from. I know that the cert and the private key are good, as we took these from our working website.
Created the .pem from the following:
cat xxxx.crt private.key gd_bundle-g2-g1.crt > dude.pem
Our error:
unable to load SSL private key from PEM file '/root/certs/dude.pem'
Keyfile (cat) =
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
openssl rsa -inform PEM -in dude.pem
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
haproxy -c -f /etc/haproxy/haproxy.cfg
[ALERT] 228/162443 (19177) : parsing [/etc/haproxy/haproxy.cfg:43] : 'bind 192.168.1.40:443' : unable to load SSL private key from PEM file '/root/certs/dude.pem'.
[ALERT] 228/162443 (19177) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
[ALERT] 228/162443 (19177) : Fatal errors found in configuration.
/etc/haproxy/haproxy.cfg
frontend pbs_inbound
bind *:80
bind 192.168.1.40:443 ssl crt /root/certs/dude.pem
default_backend pbs_backend
haproxy -vv | grep OpenSSL
Built with OpenSSL version : OpenSSL 1.1.1d 10 Sep 2019
Running on OpenSSL version : OpenSSL 1.1.1d 10 Sep 2019
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
openssl x509 -inform PEM -in dude.pem
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Any help on this would be great. Thanks
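
A structural check for a combined PEM built with cat, as in the post above. This is an added example, not part of the original post and not a diagnosis of the error reported there. The helper name pem_lint, the file names and the sample data are assumptions constructed for illustration; the check uses only awk and flags markers fused onto one line (which happens when a concatenated file has no trailing newline), mismatched BEGIN/END pairs, and a missing or duplicated key block.

```shell
#!/bin/sh
# Added example: structural lint for a combined PEM (cert + key + chain).
# pem_lint is a hypothetical helper name; it needs only POSIX awk.
pem_lint() {
    awk '
    { sub(/\r$/, "") }                      # tolerate CRLF line endings
    /-----(BEGIN|END) / {
        # A marker must be the only thing on its line.
        if ($0 !~ /^-----(BEGIN|END) [A-Z0-9 ]+-----$/) {
            printf "line %d: PEM marker is not alone on its line\n", NR
            bad = 1; next
        }
        label = $0
        sub(/^-----(BEGIN|END) /, "", label); sub(/-----$/, "", label)
        if ($0 ~ /^-----BEGIN /) {
            if (cur != "") {
                printf "line %d: BEGIN inside open %s block\n", NR, cur; bad = 1
            }
            cur = label
        } else {
            if (label != cur) {
                printf "line %d: END %s does not match open block [%s]\n", NR, label, cur
                bad = 1
            } else if (label ~ /PRIVATE KEY$/) { keys++ }
            else if (label == "CERTIFICATE") { certs++ }
            cur = ""
        }
    }
    END {
        if (cur != "") { print "unterminated " cur " block"; bad = 1 }
        if (keys != 1) { printf "private key blocks: %d (want 1)\n", keys; bad = 1 }
        if (certs < 1) { print "no complete certificate block"; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample: the first file lacks a trailing newline, so cat fuses two markers.
demo=$(mktemp -d)
printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' > "$demo/site.crt"
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'BBBB' '-----END PRIVATE KEY-----' > "$demo/private.key"
cat "$demo/site.crt" "$demo/private.key" > "$demo/combined.pem"
pem_lint "$demo/combined.pem" || echo "combined.pem failed the structural check"
```

A clean result only means the file is well-formed; whether the key belongs to the certificate is a separate check.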