HA Proxy Certlist not updated

zero · August 15, 2024, 4:45pm

I am following the updated video to setup acme/haproxy. When I look in the backend after putting in the name/ip/port/checking encrypt ssl, I ONLY show the CA and client certificates from system > certificates. The same issue occurs when attempting to set up a front end in haproxy. I feel as though I am missing a step or overlooking something, but I’m lost here. I’ve restarted the haproxy service with no change.

I’ve created new account keys and a certificate in acme but they do not show anywhere else. Appreciate any and all help in advance!

LTS_Tom · August 15, 2024, 4:52pm

If you are using ACME with Let’s Encrypt there will be Acmecert under the Authorities and your domain certs under Certificates

https://docs.netgate.com/pfsense/en/latest/certificates/index.html

I cover that in my latest video on HAProxy

zero · August 15, 2024, 5:09pm

I understand that and have watched the video multiple times. However, I never see ACME under the authorities or domain certs under certificates, thus they cannot be selected.

I did click on the issue/renew button and that now shows the certificate as private key only, no DN, in use by Acme(1). However, ACME is still not in the authorities.

Also, in the ssl offloading for front end in haproxy, the certificate that now shows lists it as an openvpn client, not ACME.

LTS_Tom · August 15, 2024, 6:24pm

Then there is something wrong with your ACME setup that is stopping it from pulling in the certificates.

zero · August 15, 2024, 6:49pm

Hmm okay. I’ve reinstalled the package, not sure what else to do here. I will keep searching.

LTS_Tom · August 15, 2024, 8:09pm

What does it say is the “Last Renewed” date in ACME? Is there an error message when you force the issue/renew?

zero · August 15, 2024, 11:42pm

I didn’t catch the error the first time when trying to renew. I did set up the dns method as cloudflare and I get the below error.


[Thu Aug 15 19:37:59 EDT 2024] Adding txt value: tofl4Q_LkvKssu7MsS82M8wF3mLTpYAKnAoP8evmCPQ for domain:  _acme-challenge.owdemo.org
[Thu Aug 15 19:37:59 EDT 2024] invalid domain
[Thu Aug 15 19:37:59 EDT 2024] Error add txt for domain:_acme-challenge.owdemo.org
[Thu Aug 15 19:37:59 EDT 2024] Please check log file for more details: /tmp/acme/wildcard_cert_owdemo/acme_issuecert.log

zero · August 16, 2024, 12:15am

ID10T error. I had my zone id and account id in the setup backwards problem solved