Netgate Discussion Forum

    HAProxy and ACME standalone certificate validation option - need advice

      cjbujold

      Hi,

      We have web servers behind pfSense and are considering using ACME with HAProxy. In the pfSense documentation it says that the web server for the standalone validation option for ACME certificates is only active during the certificate validation process.

      "The Standalone method runs a small web server natively that is active only while the validation process is running."

      Yet later in the documentation it says "We do not recommend using this method as it exposes a service on the firewall to the Internet."

      My question is: is it safer when used with HAProxy, since HAProxy insulates it from the Internet, or am I incorrect in my interpretation? What risks exist if it is only active for a minute or so and will not respond at other times since it is turned off? It is not clear to me what firewall service is being exposed.

      Looking for some advice.

      Thanks

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.