PFSense with HAProxy & Let's Encrypt using Standalone HTTP or Standalone TLS-ALPN server

PFSense with HAProxy & Let’s Encrypt using Standalone HTTP or Standalone TLS-ALPN server gives the following error: “Cannot negotiate ALPN protocol”

Just wondering if anyone has tried this, as I have a Google domain and have issues with automatic renewal. I noticed that if I have HAProxy enabled while trying to run the renewal, there were issues and the dates never updated during the renewal. Only when I manually disable HAProxy and run the renewal does the renewal seem to work.

FYI, if I create a new certificate for a new subdomain or domain, I run into the same issue until I turn off HAProxy. I do turn HAProxy back on afterward as I need it.

Turning off HAProxy like below works (see image below). Not sure if the 443 port is shared between HAProxy and Let’s Encrypt, so I think that is the issue, but not sure…

You should be using DNS for LE renewal; if you are using some form of HTTP renewal, it will use the local ports.

Ahh, I see. Really appreciate your response, Tom. Guess I will procure a DigitalOcean domain name instead of a Google domain, as Google doesn't have the DNS method built into pfsense 2.6. Thanks. No wonder it was having that issue.

Your pfsense LE and HAProxy video was spectacular!!!
