HA Proxy Certlist not updated

I am following the updated video to set up acme/haproxy. When I look in the backend after putting in the name/ip/port/checking encrypt ssl, I ONLY show the CA and client certificates from system > certificates. The same issue occurs when attempting to set up a front end in haproxy. I feel as though I am missing a step or overlooking something, but I’m lost here. I’ve restarted the haproxy service with no change.

I’ve created new account keys and a certificate in acme but they do not show anywhere else. Appreciate any and all help in advance!

If you are using ACME with Let’s Encrypt, there will be Acmecert under the Authorities and your domain certs under Certificates.

https://docs.netgate.com/pfsense/en/latest/certificates/index.html

I cover that in my latest video on HAProxy.

I understand that and have watched the video multiple times. However, I never see ACME under the authorities or domain certs under certificates, thus they cannot be selected.

I did click on the issue/renew button and that now shows the certificate as private key only, no DN, in use by Acme(1). However, ACME is still not in the authorities.

Also, in the SSL offloading for front end in haproxy, the certificate that now shows lists it as an OpenVPN client, not ACME.

Then there is something wrong with your ACME setup that is stopping it from pulling in the certificates.

Hmm okay. I’ve reinstalled the package, not sure what else to do here. I will keep searching.

What does it say is the “Last Renewed” date in ACME? Is there an error message when you force the issue/renew?

I didn’t catch the error the first time when trying to renew. I did set up the DNS method as Cloudflare and I get the below error.


```
[Thu Aug 15 19:37:59 EDT 2024] Adding txt value: tofl4Q_LkvKssu7MsS82M8wF3mLTpYAKnAoP8evmCPQ for domain:  _acme-challenge.owdemo.org
[Thu Aug 15 19:37:59 EDT 2024] invalid domain
[Thu Aug 15 19:37:59 EDT 2024] Error add txt for domain:_acme-challenge.owdemo.org
[Thu Aug 15 19:37:59 EDT 2024] Please check log file for more details: /tmp/acme/wildcard_cert_owdemo/acme_issuecert.log
```

ID10T error. I had my zone ID and account ID in the setup backwards :face_with_open_eyes_and_hand_over_mouth: Problem solved :smiley: