I have been using HAProxy after following Tom’s SSL offloading video for a while. Everything is working for my multiple domains and certs except I have noticed an issue that I cannot resolve.

If I go to or any other I get redirected properly to the backend and the correct wildcard cert is applied.

If I go to I get a 503 error and the default cert that is set in the frontend setting is applied, not the wildcard cert for

I have a frontend ACL for “host matches” : “” pointing to backend port 80.
I also have a frontend ACL for “host matches” : “” pointing to backend port 80.

Not sure what is going on or how to get to use the correct ACL and redirect to the correct backend.

I have no experience with HAProxy, but maybe it returns the 503 because the requested domain doesn’t match the certificate CN. Unless you had the cert issued with the actual domain as a SAN, a wildcard certificate will not match the domain itself.

There should be a way to get logs from HAProxy in pfSense, they probably contain more information.

Getting an SSL handshake error when connecting using vs


I had * in the allowed domains in the ACME cert setup. Added and reissued the cert. Voila! Fixed!
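The fix in the last post comes down to one rule: a wildcard name such as `*.example.com` covers exactly one extra label, so it never covers the apex `example.com` (nor `a.b.example.com`), and the apex has to be listed as its own SAN. The script below is an added example, not code from the thread or from pfSense/HAProxy; it implements that matching rule so you can test a certificate's SAN list against the hostnames you expect it to serve before reissuing, and it includes a small helper that connects with a chosen SNI name and returns the dNSName SANs the server actually presented. `example.com` and the SAN lists are constructed sample data; the helper function names are my own.

```python
"""Check whether a certificate's dNSName SANs cover a set of hostnames,
using the wildcard rules browsers apply (RFC 6125 section 6.4.3).
Added example for the thread above, not the forum's or HAProxy's code."""

import socket
import ssl


def name_covers(pattern: str, hostname: str) -> bool:
    """True if the certificate name `pattern` covers `hostname`.

    Rules applied:
      - comparison is case-insensitive, trailing dots ignored;
      - a wildcard is honoured only as the entire left-most label
        ("*.example.com" yes, "w*.example.com" and "*.com" no);
      - the wildcard matches exactly one label, never zero and never
        a dotted sequence, so "*.example.com" does not cover the apex
        "example.com" or "a.b.example.com".
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or "*" in pattern[1:]:
        return False
    if len(h_labels) != len(p_labels):
        return False  # apex name or a deeper subdomain: not covered
    return p_labels[1:] == h_labels[1:]


def uncovered_names(san_names, wanted):
    """Return the hostnames in `wanted` that no SAN entry covers."""
    return [h for h in wanted if not any(name_covers(p, h) for p in san_names)]


def presented_san(host, port=443, server_name=None):
    """Connect to host:port, send `server_name` as SNI (default: host) and
    return the dNSName SANs of the certificate the server chose.

    Network call, not used by the offline check. Chain validation is kept
    on so getpeercert() returns a populated dict; hostname checking is off
    so a trusted-but-mismatched certificate is still returned for
    inspection. If the server answers with an untrusted default cert,
    ssl.SSLCertVerificationError is raised, which is itself the answer.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=server_name or host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


if __name__ == "__main__":
    # Constructed sample: the SAN list of a wildcard-only cert versus one
    # that also lists the apex, checked against the two names in question.
    wanted = ["example.com", "www.example.com"]
    print(uncovered_names(["*.example.com"], wanted))                 # ['example.com']
    print(uncovered_names(["*.example.com", "example.com"], wanted))  # []
```

To see which certificate HAProxy picks for a given SNI name, call `presented_san("203.0.113.10", server_name="example.com")` against your own frontend address (an address you substitute; the one here is a documentation placeholder) and compare the returned list with `name_covers`; if the list is the default certificate's names rather than the wildcard's, the frontend has no certificate whose SAN matches that SNI.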

