Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to configure Haproxy with multiple certificates

    Scheduled Pinned Locked Moved pfSense Packages
    2 Posts 1 Posters 2.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mourad13
      last edited by

      Hello,

      Currently I am using Pfsense with the ACME and HaProxy packages.
      I have a few hundred domain names.
      There are 100 domain names per certificate (The maximum allowed).
      In Haproxy, I have as many backend as I have certificate.

      This does not seem to me to be a good practice and generates time out problems during renewal.

      How to configure, in Haproxy, a frontend which can use several certificates?

      I looked at the "SNI filter" and "additional certificate" side, but I can't find any information.

      Thank you.

      1 Reply Last reply Reply Quote 0
      • M
        mourad13
        last edited by mourad13

        No answer, quite disappointed.
        I had time to lean on it lately and managed to do what I wanted.

        Here's some catch if it helps anyone.

        Create your certificate (I use the OVH API but it works with the other method):
        createCertificate.PNG

        You can create as many certificates as necessary (Pay attention to the limit imposed by the ACME packge, see link below)
        Rate Limits
        createCertificate2.PNG

        In Haproxy, go to the frontend which manages the domain name linked to the certificates created previously (the one ending with "site" for me, it depends on your configuration).
        frontend.PNG

        In the "certificate" section, choose one of the certificates to create (any you need).
        Check the 2 boxes "Add ACL for certificate ...."
        frontend1.PNG

        In the "additional certificates" section, add all the certificates you need.
        frontend2.PNG

        Check the 2 ACL boxes again
        frontend3.PNG

        Save and apply the configuration.
        Domains are now in HTTPS.

        1 Reply Last reply Reply Quote 5
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.