PFsense HAProxy with 1 certificate 2 domains

Ricardo · August 29, 2024, 11:57am

I am new to PFsense and HAProxy and need your help with the following:

I successfully configured HAProxy on PFsense with an ACME certificate with a SAN List for the domains “A.COM” and “.B.COM” with wildcards. I have 3 backends for the domain A.COM and 1 for B.COM. They are all assigned to a single frontend. When accessing the domain A.COM, everything works correctly, but for B.COM, the certificate is not assigned properly.

Is it possible for HAProxy to handle a single certificate for two domains?
How can I make HAProxy work in this situation?

LTS_Tom · August 29, 2024, 12:48pm

I think you can only have one Wildcard cert per front end.

Ricardo · August 29, 2024, 1:09pm

Thanks for quick answer
So, the solution, is to create a cert for each domain and add them do the frontend in additional certificates?

LTS_Tom · August 29, 2024, 1:43pm

I have never tested this setup but there is an older write up on using HAProxy with one front end and multiple domains.

stildalf · September 1, 2024, 5:39am

This should work with multiple wildcard SANs in one cert, and in additional certs for that matter. But double check you’ve enabled the SAN list ACLs on the frontend though.

Frontend
- SSL Offloading
  - Certificate
    - Add ACL for certificate CommonName
    - Add ACL for certificate Subject Alternative Names

Same can be done for Additional certificates a section or two below.

Ricardo · September 9, 2024, 2:16pm

First of all, my thanks to everyone for their help.
I managed to get it working.
I have three sites with different domains under a single certificate.
The problem was not with HAProxy, but with the Vhost file for each site.