Netgate Discussion Forum

HA Proxy with Lets Encrypt wildcard certs

  • cfrudolphy
    last edited by Jun 9, 2023, 2:44 PM

    I am running the latest version of pfSense Plus in a virtual machine under Proxmox. I have the WAN and LAN interfaces passed through as PCIe devices. I have several VLANs set up. Everything works as expected.

    I have several VMs under Proxmox set up that have web management interfaces, pfSense and Proxmox as examples.

    I want to serve up the Let's Encrypt wildcard cert when bringing up these web-based management interfaces to get rid of the annoying "not safe" message in the browser. Note that none of this will be exposed to the internet. Only access will be from the LAN side.

    I have installed the ACME package and have successfully obtained the wildcard cert. I have configured HA Proxy by following the video tutorial put out by Lawrence Systems: https://www.youtube.com/watch?v=gVOEdt-BHDY&t=1026s

    I have changed the Web Gui access to HTTPS and Port #10443.

    When I enable HA Proxy I still don't get the https symbol in my browser. If I check the "Disable Web Gui Re-direct" then I can no longer get to the Web Gui at all (503 error).

    So I guess my question is can I use HA Proxy and the wildcard cert to https into pfSense itself considering that pfSense is "hosting" HA Proxy? If the answer to this is yes then what should I be looking at in my configuration of HA Proxy to allow this?

    Any insight would be appreciated.

    • scott_solomon @cfrudolphy
      last edited by Jul 8, 2023, 1:14 PM

      @cfrudolphy That is how I have it set up and the config/setup is no different than any other frontend/backend pair. I happen to use a single front end using CNAME DNS pointing to a single DDNS URL on the front end, and then making sure I have unique IP/TCPs on the backend.

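The layout described in the reply (one HTTPS frontend holding the wildcard certificate, routing by hostname, a distinct IP and port per backend), written as a raw HAProxy configuration. This is an added example, not configuration posted by either participant or generated by the pfSense package; all addresses, hostnames and file paths are placeholders, and it assumes the pfSense GUI answers on loopback port 10443 and the Proxmox GUI on its default port 8006.

```haproxy
# Constructed example: addresses, hostnames and file paths are placeholders.
global
    # Refuse legacy protocol versions on the TLS listener
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend lan_https
    # One listener on the LAN address, presenting the ACME wildcard cert
    # (*.example.com here). The pfSense GUI was moved to 10443, so 443 is
    # free for HAProxy on the same machine.
    bind 192.168.1.1:443 ssl crt /path/to/wildcard.example.com.pem

    # Route on the requested hostname; every name resolves to 192.168.1.1
    acl host_pfsense hdr(host) -i pfsense.example.com
    acl host_proxmox hdr(host) -i proxmox.example.com
    use_backend be_pfsense if host_pfsense
    use_backend be_proxmox if host_proxmox
    # No default_backend is set: a request whose Host header matches no ACL
    # (for example, browsing to the bare IP) is answered with a 503.

backend be_pfsense
    # The GUI speaks HTTPS with its own certificate on the same box.
    # "verify none" skips backend certificate checks; tolerable here only
    # because the hop never leaves loopback.
    server pfsense 127.0.0.1:10443 ssl verify none

backend be_proxmox
    # Off-box hop: validate the backend certificate chain and name against
    # a CA you control instead of disabling verification.
    server proxmox 192.168.1.10:8006 ssl verify required ca-file /path/to/internal-ca.pem verifyhost proxmox.example.com
```

The browser only shows a trusted connection when the URL uses a name covered by the wildcard certificate and that name reaches the HAProxy listener rather than the GUI's own port.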
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.