Let's Encrypt provides a list of files sorted nicely to be used by the HTTP server.
Here is a list of files with symbolic links created by letsencrypt nicely.
lrwxrwxrwx 1 root root 51 Nov 22 15:48 cert.pem -> /etc/letsencrypt/archive/www.mydomain.com/cert3.pem
lrwxrwxrwx 1 root root 52 Nov 22 15:48 chain.pem -> /etc/letsencrypt/archive/www.mydomain.com/chain3.pem
lrwxrwxrwx 1 root root 56 Nov 22 15:48 fullchain.pem -> /etc/letsencrypt/archive/www.mydomain.com/fullchain3.pem
lrwxrwxrwx 1 root root 54 Nov 22 15:48 privkey.pem -> /etc/letsencrypt/archive/www.mydomain.com/privkey3.pem
HAProxy requires the additional step to concatenate fullchain.pem and privkey.pem together in one file and provide it in the configuration file.
I've tried to specify the folder in the HAProxy configuration as some have suggested:
bind 123.456.789.012:443 ssl crt /etc/letsencrypt/live/www.mydomain.com/
But that doesn't work, I get:
Job for haproxy.service failed because the control process exited with error code.
See "systemctl status haproxy.service" and "journalctl -xe" for details.
I can only use the concatenated file as:
bind 123.456.789.012:443 ssl crt /etc/letsencrypt/live/www.mydomain.com/www.mydomain.com.pem
I've also tried:
bind 123.456.789.012:443 ssl crt /etc/letsencrypt/live/www.mydomain.com/privkey.pem crt /etc/letsencrypt/live/www.mydomain.com/fullchain.pem
Then the errors in journalctl -xe are:
Nov 22 17:11:44 www.mydomain.com haproxy[945999]: [ALERT] 325/171144 (945999) : parsing [/etc/haproxy/haproxy.cfg:39] : 'bind 176.56.237.244:443' : unable to load SSL private key from PEM file '/etc/letsencrypt/live/www.mydomain.com/fullchain.pem'.
and if I change the order I get:
Nov 22 17:05:50 www.mydomain.com haproxy[945889]: [ALERT] 325/170550 (945889) : parsing [/etc/haproxy/haproxy.cfg:39] : 'bind 176.56.237.244:443' : unable to load SSL certificate from PEM file '/etc/letsencrypt/live/www.mydomain.com/privkey.pem'.
HAProxy version: HA-Proxy version 2.0.29-0ubuntu1
Note: I'm using an example IP and domain.
I just want to be able to specify the direct path to the fullchain.pem and privkey.pem files in my HAProxy configuration file and never worry about concatenating again. Is that possible?
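
One way to automate the concatenation step described in the question, as an added example that is not part of the original post: a certbot deploy hook that rebuilds the combined PEM after every renewal. The install path, the /etc/haproxy/certs output directory and the HAPROXY_CERT_DIR variable are assumptions; RENEWED_LINEAGE is the variable certbot passes to deploy hooks.

```shell
#!/bin/sh
# Added example: certbot deploy hook that builds the combined PEM HAProxy loads.
# Assumed install path: /etc/letsencrypt/renewal-hooks/deploy/haproxy-pem.sh
# certbot sets RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/www.mydomain.com)
# when it runs deploy hooks after a successful renewal.

# build_haproxy_pem LINEAGE_DIR OUT_FILE
# Writes fullchain.pem followed by privkey.pem to OUT_FILE (mode 0600).
# The file is assembled in a temp file and renamed into place, so HAProxy
# never sees a half-written certificate and a failed run keeps the old one.
build_haproxy_pem() {
    lineage=$1
    out=$2

    # Refuse to build anything if an input is missing, empty or mislabelled.
    [ -s "$lineage/fullchain.pem" ] || return 1
    [ -s "$lineage/privkey.pem" ] || return 1
    grep -q 'BEGIN CERTIFICATE' "$lineage/fullchain.pem" || return 1
    grep -q 'PRIVATE KEY' "$lineage/privkey.pem" || return 1

    # mktemp creates the file readable by its owner only; it sits next to
    # the target so the final mv is a rename on the same filesystem.
    tmp=$(mktemp "$out.XXXXXX") || return 1
    if cat "$lineage/fullchain.pem" "$lineage/privkey.pem" > "$tmp" &&
       chmod 600 "$tmp" &&
       mv -f "$tmp" "$out"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Only act when certbot invoked us; sourcing the file just defines the function.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    # Assumed output directory, kept separate from /etc/letsencrypt/live so it
    # holds nothing but combined PEM files.
    out_dir=${HAPROXY_CERT_DIR:-/etc/haproxy/certs}
    name=$(basename "$RENEWED_LINEAGE")
    build_haproxy_pem "$RENEWED_LINEAGE" "$out_dir/$name.pem" &&
        systemctl reload haproxy
fi
```

With this hook in place, the bind line points at the combined file (for example `crt /etc/haproxy/certs/www.mydomain.com.pem`) and the file is refreshed on each renewal.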