pfSense Let's Encrypt Wildcard Certificates HAProxy

Hey everyone,

I followed the excellent video guide ‘How To Create pfsense Let’s Encrypt Wildcard Certificates using HAProxy’, thank you for sharing this video.

I followed every step and checked and checked it again, but my current setup is not working properly.

  • Wildcard certificate is received and works on the pfSense web interface

The issue is that my internal servers are still showing their self-signed cert. When I look at the logging of, for example, my internal VMware ESXi server, I see that I’m connecting/authenticating directly from my client PC and not from pfSense (HAProxy). The client PC is part of my LAN and has pfSense as its gateway and DNS server. DNS is working because I can ping the IP addresses of my internal servers and as a response I get the hostname + domain name. Pure NAT is enabled because I don’t advertise the internal servers to the Internet.

Diagnostics / Sockets shows that HAProxy is bound to an internal LAN IP address on TCP port 443.

Can somebody guide/help me to the right direction?

Kind regards from the Netherlands.

If you are doing HAProxy, the system should be pointing at the IP of the pfSense, not the internal servers.

Hi Tom, I’m sorry, I overlooked this.

So I changed the settings in the DNS Resolver (Host Overrides) and changed the internal servers to point to pfSense, and everything is now working properly.
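A quick way to confirm the fix described in this thread is to check, for each internal hostname, that DNS now resolves it to the pfSense/HAProxy LAN address and that the certificate presented is the Let's Encrypt wildcard rather than the backend's self-signed one. The script below is an added example, not code from the thread or from pfSense; the hostnames and addresses in it are constructed placeholders, and `diagnose()` does the offline reasoning while `check_live()` feeds it real DNS and TLS data.

```python
"""Added example: verify internal hosts are reached via pfSense HAProxy with the
Let's Encrypt wildcard cert. Hostnames/IPs are constructed placeholders."""
import socket
import ssl


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """'*.home.lan' covers exactly one extra label (RFC 6125 style)."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if not pattern.startswith("*."):
        return pattern == hostname
    suffix = pattern[1:]  # ".home.lan"
    return hostname.endswith(suffix) and "." not in hostname[: -len(suffix)]


def diagnose(hostname, resolved_ip, haproxy_ip, issuer_org, sans):
    """Return a list of findings; an empty list means the setup is correct."""
    findings = []
    if resolved_ip != haproxy_ip:
        # The classic symptom from the thread: client bypasses HAProxy and
        # hits the backend directly, so the self-signed cert is shown.
        findings.append("dns-bypasses-haproxy")
    if "Let's Encrypt" not in issuer_org:
        findings.append("cert-not-lets-encrypt")
    if not any(wildcard_matches(s, hostname) for s in sans):
        findings.append("cert-name-mismatch")
    return findings


def check_live(hostname, haproxy_ip, port=443, timeout=5):
    """Resolve and connect for real, then run diagnose() on what we observed."""
    resolved_ip = socket.gethostbyname(hostname)
    ctx = ssl.create_default_context()  # validates against the system CA store
    try:
        with socket.create_connection((resolved_ip, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # A self-signed backend cert fails chain validation outright.
        return ["cert-not-trusted: " + str(exc.reason), "resolved-to: " + resolved_ip]
    issuer_org = " ".join(v for rdn in cert["issuer"] for k, v in rdn if k == "organizationName")
    sans = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    return diagnose(hostname, resolved_ip, haproxy_ip, issuer_org, sans)


if __name__ == "__main__":
    # Placeholder values: replace with your hostnames and pfSense LAN IP.
    for host in ("esxi.home.lan", "nas.home.lan"):
        print(host, check_live(host, "192.168.1.1") or "OK")
```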