Suddenly haproxy crashed error code 143

Hello,

My website getting suddenly down at midnight and found out that my haproxy container was faulty on my down.
I was checking my log files to see what was caused crash and found this message that’s was caused down.
I was googled it and not found any explanation about fault.
Can somebody explain what it was caused and what it means this error codes

Sep 25 23:12:48 haproxy haproxy[242]: [WARNING] 265/050617 (242) : Exiting Master process...
Sep 25 23:12:48 haproxy haproxy[242]: [ALERT] 265/050617 (242) : Current worker 243 exited with code 143
Sep 25 23:12:48 haproxy haproxy[242]: [WARNING] 265/050617 (242) : All workers exited. Exiting... (143)
Sep 26 05:50:01 haproxy haproxy[243]: Proxy default_frontend started.
Sep 26 05:50:01 haproxy haproxy[243]: Proxy default_frontend started.

143 is SIGTERM, so it looks as it someone (or a script) did a “killall haproxy”.

Hi willy,
Thanks for your response, I have looked at logs and didn’t seen what it couse code 143 and how can I prevent this ?

Maybe have a look on log rotation if you have it configured.

Hi Again,
Thanks I was checking in log files and found this error that made failing. I was checking deeply and found out that my certificate is that there couse that it failed.
I was googled and could not found that solutions, but it does not give me sense why it’s failed at certbot.

Sep 25 23:12:46 haproxy systemd[1]: certbot.service: Failed to reset devices.list: Operation not permitted
Sep 25 23:12:46 haproxy systemd[1]: Starting Certbot...
Sep 25 23:12:48 haproxy systemd[1]: Stopping HAProxy Load Balancer...
Sep 25 23:12:48 haproxy systemd[1]: Stopped HAProxy Load Balancer.
Sep 25 23:12:54 haproxy systemd[1]: haproxy.service: Unit cannot be reloaded because it is inactive.
Sep 25 23:12:54 haproxy certbot[8936]: Hook command "service haproxy reload" returned error code 1
Sep 25 23:12:54 haproxy certbot[8936]: Error output from service:
Sep 25 23:12:54 haproxy certbot[8936]: haproxy.service is not active, cannot reload.
Sep 25 23:12:55 haproxy systemd[1]: Started Certbot.
Sep 25 23:17:01 haproxy CRON[8985]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
Sep 25 23:29:11 haproxy systemd-networkd[179]: eth0: Configured
Sep 25 23:55:25 haproxy systemd-networkd[179]: eth0: Configured
Sep 26 00:00:01 haproxy CRON[8992]: (root) CMD (/home/happydays/renew-cert.sh)
Sep 26 00:00:02 haproxy CRON[8991]: (CRON) info (No MTA installed, discarding output)

My script:

You seems to have an issue with certbot. Maybe you can check the permission first.

Otherwise,

Your certbot command seems to be the process stopping your haproxy. You have to check if you have another script running as in your script it should issue a start command, and the logs are showing a reload command.

At work, to manage certs with certbot without having to restart haproxy, we have set up an acl catching Letsencrypt requests :

    acl letsencrypt path_beg /.well-known/acme-challenge/
    use_backend letsencrypt if letsencrypt
...
backend letsencrypt
    server localhost 127.0.0.1:8080

If you use certbot on the same server, you can change the certbot port (use 8080 for example) and renew with --http-01-port 8080 option.

Once renewed, you just have reload haproxy to load the new certs (maybe with the post-hook, we don’t use it so i don’t know how it works)

Hi rhada,
Thank you so much, I will try to change this settings and let us see if it helps on new solutions. I think it will do.