Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HAProxy warning after 23.01 upgrade: ca-file: 0 CA were loaded from '@system-ca'

    Scheduled Pinned Locked Moved Cache/Proxy
    17 Posts 3 Posters 2.2k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • sparklyballsS Offline
      sparklyballs
      last edited by

      i have the same message when saving settings in haproxy.
      this appears in the log....

      using the haproxy-devel package here.

      haproxy: check error output: [NOTICE] (45310) : haproxy version is 2.6.6-274d1a4 [NOTICE] (45310) : path to executable is /usr/local/sbin/haproxy [WARNING] (45310) : config : Loading: Unable to parse OCSP response. Content will be ignored. [WARNING] (45310) : config : Loading: Unable to parse OCSP response. Content will be ignored. [WARNING] (45310) : config : Loading: Unable to parse OCSP response. Content will be ignored. [WARNING] (45310) : config : ca-file: 0 CA were loaded from '@system-ca' Warnings were found. Configuration file is valid

      NightlySharkN 1 Reply Last reply Reply Quote 0
      • NightlySharkN Offline
        NightlyShark @sparklyballs
        last edited by

        @sparklyballs , @safe , then just doing what I can, bumping this up. Sorry, beyond me.

        1 Reply Last reply Reply Quote 0
        • NightlySharkN Offline
          NightlyShark @safe
          last edited by

          @safe Just a last thought, check the HAProxy-devel developer notes. Did they maybe deprecate a cert type (eg, 1024 bit)? If yes, is there a work-around?

          S 1 Reply Last reply Reply Quote 0
          • S Offline
            safe @NightlyShark
            last edited by

            @nightlyshark Thanks for the suggestions, but I didn't find anything that looks related. The cert is also 2048 bits, just generated via the Acme package. I get the warning even if I disable the only frontend that is configured.

            NightlySharkN 2 Replies Last reply Reply Quote 0
            • NightlySharkN Offline
              NightlyShark @safe
              last edited by

              @safe That must be it, then. Do you have the ACME cert only, or the full certificate chain configured?

              1 Reply Last reply Reply Quote 0
              • NightlySharkN Offline
                NightlyShark @safe
                last edited by

                @safe 54716c31-250b-4629-8103-09403bf9af50-image.png

                S 1 Reply Last reply Reply Quote 0
                • S Offline
                  safe @NightlyShark
                  last edited by

                  @nightlyshark
                  snap007829.png

                  Looks like everything is there.

                  1 Reply Last reply Reply Quote 0
                  • NightlySharkN Offline
                    NightlyShark
                    last edited by

                    @safe @safe Is your full error like what ... hmmm... @sparklyballs ... posted or just the @system-ca thing?

                    S 1 Reply Last reply Reply Quote 0
                    • S Offline
                      safe @NightlyShark
                      last edited by

                      @nightlyshark
                      This is what I get after each reload. It doesn't look like anything is affected, but I have never got notices or warnings here in earlier versions when config is correct.
                      snap007830.png

                      NightlySharkN sparklyballsS 2 Replies Last reply Reply Quote 0
                      • NightlySharkN Offline
                        NightlyShark @safe
                        last edited by

                        @safe Perhaps write here, seems it is not the first time this appeared.

                        S 1 Reply Last reply Reply Quote 0
                        • S Offline
                          safe @NightlyShark
                          last edited by

                          @nightlyshark Saw this one was closed, i'll try to create a new issue. As suggested in the issue, putting

                          httpclient.ssl.verify none

                          in global, removes my error.

                          Thanks for all the help.

                          1 Reply Last reply Reply Quote 1
                          • sparklyballsS Offline
                            sparklyballs @safe
                            last edited by

                            @safe i get the exact same message when i try to save settings in haproxy
                            the message i posted was an excerpt from the system logs.

                            S 1 Reply Last reply Reply Quote 0
                            • S Offline
                              safe @sparklyballs
                              last edited by

                              @sparklyballs I'll see if I can post an issue tomorrow. The notices and warnings are gone with the line above in global.

                              NightlySharkN 1 Reply Last reply Reply Quote 0
                              • NightlySharkN Offline
                                NightlyShark @safe
                                last edited by

                                @safe Good luck!

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post
                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.