HAProxy, PFSense, Let's Encrypt, Digital Ocean with a 503 error

Hello All,

I have been making progress on my setup. I have the certs and have the frontend and backend set up. When I try to access my server by the FQDN, I get the 503 error. Looking at the cert information on the page, I get “This certificate cannot be verified up to a trusted certification authority.”


The issued by and issued to entries match my certs.

Any help would be greatly welcomed.

Jay

Since you have posted no logs or details, here is a quick one-line Linux command using openssl to pull all the cert data so you can see what is being sent by HAProxy.

openssl s_client -servername google.com -host 172.217.4.206 -port 443

When I ran the command, it looked like it was using a faked CA (Fake LE Intermediate X1) and would not connect, so I am trying to reconfigure the ACME Certs portion.

Would the “Fake LE Intermediate X1” CA be issued by the staging LE Key setup?

Never had that as a response, so I am not sure. Have you tried googling that message?

I was just reading a post on it. https://community.letsencrypt.org/t/cn-fake-le-intermediate-x1/13437

Looks like using the staging server will issue the “Fake LE Intermediate X1” CA. I will be using the Production server to try next and see if it works.

By the way, which log would be helpful to pull to see what is going on? (system, ACME, HAProxy)

Switching to the Let’s Encrypt Production server fixed my issue. I was under the impression that the Staging servers would allow for testing of the authentication; I guess not.

Now on to the next part of the setup.

Thanks again Tom for the instructional videos and help on the forums. The openssl command helped point me in the right direction.
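
The check that resolved this thread, as an added example that is not part of the original posts: a shell function that reads `openssl s_client` output and flags issuers belonging to the Let's Encrypt staging hierarchy. The function name `check_issuers`, the host `host.example.com` and both sample outputs are constructed for illustration; matching the newer "(STAGING)" issuer prefix goes beyond the "Fake LE" name seen in the thread.

```shell
# Reads s_client output on stdin and prints each issuer ("i:") line of the
# "Certificate chain" block. Exit status: 0 clean, 1 staging CA seen, 2 no chain.
check_issuers() {
    awk '
        /^Certificate chain/ { in_chain = 1; next }
        in_chain && /^---$/  { in_chain = 0 }
        in_chain && /^[ \t]+i:/ {
            issuer = $0
            sub(/^[ \t]+i:/, "", issuer)
            seen = 1
            # "Fake LE" is the name from the thread; "(STAGING)" is the newer prefix.
            if (issuer ~ /Fake LE / || issuer ~ /\(STAGING\)/) {
                print "STAGING issuer: " issuer
                bad = 1
            } else {
                print "issuer: " issuer
            }
        }
        END {
            if (!seen) { print "no certificate chain found"; exit 2 }
            exit (bad ? 1 : 0)
        }
    '
}

# Constructed sample: chain of a staging-issued cert (older openssl name format).
sample_staging() {
cat <<'EOF'
---
Certificate chain
 0 s:/CN=host.example.com
   i:/CN=Fake LE Intermediate X1
---
EOF
}

# Constructed sample: chain of a production-issued cert (newer openssl name format).
sample_production() {
cat <<'EOF'
---
Certificate chain
 0 s:CN = host.example.com
   i:C = US, O = Let's Encrypt, CN = R3
---
EOF
}

# Live use (hypothetical host): openssl s_client -servername host.example.com \
#   -connect host.example.com:443 </dev/null 2>/dev/null | check_issuers
```

A non-zero exit status from the live pipeline means the frontend is still serving a staging certificate or sent no chain at all.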