Got mine working here with pfSense, HAProxy and the same Ansible script.
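Matrix Federation Tester output (federation passes via the SRV record on port 8448; note that the .well-known lookup over HTTPS on MYDOMAIN still fails because that endpoint presents an expired certificate):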
{
"WellKnownResult": {
"m.server": "",
"result": "Get \"https://MYDOMAIN/.well-known/matrix/server\": x509: certificate has expired or is not yet valid: current time 2021-12-30T22:11:39Z is after 2019-07-20T00:20:42Z",
"CacheExpiresAt": 0
},
"DNSResult": {
"SRVSkipped": false,
"SRVCName": "_matrix._tcp.MYDOMAIN.",
"SRVRecords": [
{
"Target": "matrix.MYDOMAIN.",
"Port": 8448,
"Priority": 10,
"Weight": 0
}
],
"SRVError": null,
"Hosts": {
"matrix.MYDOMAIN.": {
"CName": "matrix.MYDOMAIN.",
"Addrs": [
"MY.IP.Addr.Rss"
],
"Error": null
}
},
"Addrs": [
"MY.IP.Addr.Rss:8448"
]
},
"ConnectionReports": {
"MY.IP.Addr.Rss:8448": {
"Certificates": [
{
"SubjectCommonName": "MYDOMAIN",
"IssuerCommonName": "R3",
"SHA256Fingerprint": "mNxQhNc5kh0y/m0M/lNmUT6tH/ZagjQ+yd/fHuKqwRA",
"DNSNames": [
"MYDOMAIN"
]
},
{
"SubjectCommonName": "R3",
"IssuerCommonName": "ISRG Root X1",
"SHA256Fingerprint": "Z63RFmsCCuYbj1/JaBPATCqliZYHloZVcqPH5zdhPf0",
"DNSNames": null
},
{
"SubjectCommonName": "ISRG Root X1",
"IssuerCommonName": "DST Root CA X3",
"SHA256Fingerprint": "bZn7Jl6xxbN0R2X8vGSPPNjhv/r9xML5m51Hz3/xwk8",
"DNSNames": null
}
],
"Cipher": {
"Version": "TLS 1.3",
"CipherSuite": "TLS_AES_256_GCM_SHA384"
},
"Checks": {
"AllChecksOK": true,
"MatchingServerName": true,
"FutureValidUntilTS": true,
"HasEd25519Key": true,
"AllEd25519ChecksOK": true,
"Ed25519Checks": {
"ed25519:a_uphM": {
"ValidEd25519": true,
"MatchingSignature": true
}
},
"ValidCertificates": true
},
"Errors": [],
"Ed25519VerifyKeys": {
"ed25519:a_uphM": "X9d+yyyMpzQ/KmWXvTScn13Iiki/k8H5tyxii9y64rw"
},
"Info": {},
"Keys": {
"old_verify_keys": {},
"server_name": "MYDOMAIN",
"signatures": {
"MYDOMAIN": {
"ed25519:a_uphM": "huZnEh+oLK2aKPspuQx5iq12e0QO3I1igbx2vZ513awgDHPieRuw1JUitm1z+kvWWFu6ZCT7W1dBFHyIann3Cg"
}
},
"valid_until_ts": 1640988673800,
"verify_keys": {
"ed25519:a_uphM": {
"key": "X9d+yyyMpzQ/KmWXvTScn13Iiki/k8H5tyxii9y64rw"
}
}
}
}
},
"ConnectionErrors": {},
"Version": {
"name": "Synapse",
"version": "1.49.2"
},
"FederationOK": true
}
Your HAProxy config would be helpful.