Export letsencrypt certificates from config.conf to servers in the LAN



  • Dear All,

    There seems to be an increasing number of web applications which can be run behind HAProxy but which would need to know details about the current certificate in use.

    One example is the Synapse/Matrix online chat, Voice over IP and video telephony server. Look up "load balancer" in the Matrix FAQ if you would like to learn details: https://matrix.org/docs/guides/faq.html

    For such aims, it would be great if one could alternatively (a) export certs from pfSense's config.conf right after they were generated, e.g. via a script invoked by the Acme Certificates service to send certificate and key by scp, rsync and the like, plus trigger an update script on the destination server, or (b) generate the certificates on the LAN, implant them into config.conf and restart HAProxy.

    This is beyond the current/advanced thinking of generating certificates on the pfSense server outside config.conf like here: https://forum.pfsense.org/index.php?topic=107161.0 Separate certificates will not easily be available to HAProxy, I think. Some of what is required would be rather close to OpenVPN Client Export.

    Does anyone know how to achieve this?

    Regards,

    Michael Schefczyk