HAProxy, certificate valid but site shows 503 error

rmsloan · October 9, 2020, 8:31am

Hi,

Hopefully someone could help me with this issue I have been trying to resolve for more than a week.

I’m using HAProxy on PfSense with LetsEncrypt certificates.

The issue I have is as follows:

The SSL certificate is setup correctly and I’m able to assign the certificate to my PfSense web interface on port 10443 and it works fine.

I created a second certificate for a server on my network.

I have followed Tom’s guide to the letter for setting up the backend and frontend of HAProxy, but when I go to an SNI, it shows the certificate as valid but has a 503 Service Unavailable error. However, if I access the server via a different port (bypassing HAProxy) the site comes up, but with no valid certificate (as expected)

I’m clearly missing something, but can’t figure out what.

Any help would be greatly appreciated.

Regards,

Robert.

LTS_Tom · October 21, 2020, 10:47am

My guess would be you do not have the back end contacting the server properly.

rmsloan · October 21, 2020, 11:21am

Hi Tom,

Thanks for your reply. I have made some progress but have an issue accessing my JellyFin server which runs on port 8096.

When I go to the sni for the JellyFin server I get a 503 error although it shows as secure and is the right certificate. I can access internally without issue.

I installed Apache 2 on the same server as JellyFin and set this to use port 8097

If I change the backend for the JellyFin server from 8096 to 8097 it works fine.

I’'ve trawled many article and can’t seem to find any cause for this issue.

If you can offer any pointers it would be greatly appreciated.

Regards,

Robert.