How to configure Haproxy with multiple certificates

mourad13 · Dec 21, 2020, 9:43 AM

Hello,

Currently I am using Pfsense with the ACME and HaProxy packages.
I have a few hundred domain names.
There are 100 domain names per certificate (The maximum allowed).
In Haproxy, I have as many backend as I have certificate.

This does not seem to me to be a good practice and generates time out problems during renewal.

How to configure, in Haproxy, a frontend which can use several certificates?

I looked at the "SNI filter" and "additional certificate" side, but I can't find any information.

Thank you.

mourad13 · Jan 14, 2021, 4:19 PM

No answer, quite disappointed.
I had time to lean on it lately and managed to do what I wanted.

Here's some catch if it helps anyone.

Create your certificate (I use the OVH API but it works with the other method):

You can create as many certificates as necessary (Pay attention to the limit imposed by the ACME packge, see link below)
Rate Limits

In Haproxy, go to the frontend which manages the domain name linked to the certificates created previously (the one ending with "site" for me, it depends on your configuration).

In the "certificate" section, choose one of the certificates to create (any you need).
Check the 2 boxes "Add ACL for certificate ...."

In the "additional certificates" section, add all the certificates you need.

Check the 2 ACL boxes again

Save and apply the configuration.
Domains are now in HTTPS.