Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HAProxy adds wrong SSL filename prefix to the configuration file for ssl crt-list ca-file

    Scheduled Pinned Locked Moved Cache/Proxy
    1 Posts 1 Posters 19 Views 1 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D Offline
      danielvanderwal
      last edited by

      I recently start have trouble saving my HAProxy configuration due to a error. It keeps adding clientca_ in front of the SSL offload certificate name. On file level this file does not exist! I tested with both HA Proxy plugins, the regular and dev version. I tried to regenerate the SSL (Lets Encrypt) but this keeps happening.

      [ALERT] (45623) : config : Couldn't open the ca-file '/var/etc/haproxy_test/clientca_shared-frontend.pem' (No such file or directory).
      [ALERT] (45623) : config : parsing [/var/etc/haproxy_test/haproxy.cfg:28] : 'bind 0.0.0.0:443' in section 'frontend' : 'ca-file' : unable to load /var/etc/haproxy_test/clientca_shared-frontend.pem

      Does anybody have the same behaviour? to be clear I have the 25.07-RC running.

      The relevant part of /var/etc/haproxy_test/haproxy.cfg

      frontend shared-frontend
      bind 0.0.0.0:443 name 0.0.0.0:443 ssl crt-list /var/etc/haproxy_test/shared-frontend.crt_list ca-file /var/etc/haproxy_test/**clientca_**shared-frontend.pem verify required crl-file /var/etc/haproxy_test/**clientcrl_**shared-frontend.pem

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.