have succesfully been using haproxy and a wildcard cert via acme to access some servers externally. The cert renewal is working great and is really handy.
I would like to use the same wildcard cert for truenas without ever having to manually import it to truenas. This works if I add truenas to haproxy…but I don’t want truenas available externally.
I have tried setting up another frontend in haxproxy that just listens on the lan and a backend to it for truenas.
I added a host override in dns resolver pointing at the lan listening address on haproxy.
When I try to access it via truenas. I get prompted to self sign it and it says not secure.
I’m obviously missing something…any ideas?