I just generate a new SSL certificate using Let's Encrypt. Now I'm trying to configure HAProxy.
These are the folders and certificates:
700 archive
|--------> 755 company.cxx
|------------> 644 fullchain.pem
|------------> 644 cert.pem
|------------> 644 (etc.)
Right now, these are the permissions of folders and soft links to the certificates in the archive
folder:
700 live
|--------> 755 company.cxx
|------------> 777 fullchain.pem
|------------> 777 cert.pem
|------------> 777 (etc.)
HAProxy is configured like this:
frontend public
bind :80
bind :443 ssl crt /etc/letsencrypt/live/company.cxx/fullchain.pem
And the error is this:
Proxy 'public': no SSL certificate specified for bind ':443' at [/etc/haproxy/haproxy.cfg:12] (use 'crt').
Fatal errors found in configuration.
I don't know if the permissions are the problem, but I'm worried about which would be the right way to do this with HAProxy. I will appreciate your help.
EDIT: Just for testing, I tried copying the certificates to /etc/haproxy
but it didn't work.
Best Answer
The solution is explained on DigitalOcean. In short:
fullchain.pem
andprivkey.pem
/etc/haproxy/certs