HAProxy, IIS and Let's Encrypt

  • Hello everyone

    I'm trying to setup pfsense (newest version) with HAProxy as SSL Passthrough Proxy to an IIS Server with an Let's Encrypt certificate.

    So I've setup the front end as in the attached image.

    The backend is configured with two entries

    mode: active
    foward-to: address+port
    adress: IP of Server
    Port: 443
    SSL: yes

    and it has a second entry with all the same, except Port ist 80 und SSL no

    The forward from http to https is setup on IIS itself and it seems to work, as it gets changed into https when you go to that address.

    But on https it is not working. In chrome I get an error saying: ERR_SSL_PROTOCOL_ERROR

    Have I setup anything wrong, or am I missing something. If I use normal NAT to IIS it works fine.


  • For anybody who would have the same problems. I had the website already running for a while over NAT before it was changed to HAProxy. I let let's encrypt create new Certificates and changed the forwarding (http to https) to HAProxy, not the IIS anymore. Now it's working.

    Clear your cache before you try though!

Log in to reply