HAProxy warning after 23.01 upgrade: ca-file: 0 CA were loaded from '@system-ca'
-
i have the same message when saving settings in haproxy.
this appears in the log....using the haproxy-devel package here.
haproxy: check error output: [NOTICE] (45310) : haproxy version is 2.6.6-274d1a4 [NOTICE] (45310) : path to executable is /usr/local/sbin/haproxy [WARNING] (45310) : config : Loading: Unable to parse OCSP response. Content will be ignored. [WARNING] (45310) : config : Loading: Unable to parse OCSP response. Content will be ignored. [WARNING] (45310) : config : Loading: Unable to parse OCSP response. Content will be ignored. [WARNING] (45310) : config : ca-file: 0 CA were loaded from '@system-ca' Warnings were found. Configuration file is valid
-
@sparklyballs , @safe , then just doing what I can, bumping this up. Sorry, beyond me.
-
@safe Just a last thought, check the HAProxy-devel developer notes. Did they maybe deprecate a cert type (eg, 1024 bit)? If yes, is there a work-around?
-
@nightlyshark Thanks for the suggestions, but I didn't find anything that looks related. The cert is also 2048 bits, just generated via the Acme package. I get the warning even if I disable the only frontend that is configured.
-
@safe That must be it, then. Do you have the ACME cert only, or the full certificate chain configured?
-
-
Looks like everything is there.
-
@safe @safe Is your full error like what ... hmmm... @sparklyballs ... posted or just the @system-ca thing?
-
@nightlyshark
This is what I get after each reload. It doesn't look like anything is affected, but I have never got notices or warnings here in earlier versions when config is correct.
-
-
@nightlyshark Saw this one was closed, i'll try to create a new issue. As suggested in the issue, putting
httpclient.ssl.verify none
in global, removes my error.
Thanks for all the help.
-
@safe i get the exact same message when i try to save settings in haproxy
the message i posted was an excerpt from the system logs. -
@sparklyballs I'll see if I can post an issue tomorrow. The notices and warnings are gone with the line above in global.
-
@safe Good luck!