• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

How to configure Haproxy with multiple certificates

Scheduled Pinned Locked Moved pfSense Packages
2 Posts 1 Posters 2.0k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M
    mourad13
    last edited by Dec 21, 2020, 9:43 AM

    Hello,

    Currently I am using Pfsense with the ACME and HaProxy packages.
    I have a few hundred domain names.
    There are 100 domain names per certificate (The maximum allowed).
    In Haproxy, I have as many backend as I have certificate.

    This does not seem to me to be a good practice and generates time out problems during renewal.

    How to configure, in Haproxy, a frontend which can use several certificates?

    I looked at the "SNI filter" and "additional certificate" side, but I can't find any information.

    Thank you.

    1 Reply Last reply Reply Quote 0
    • M
      mourad13
      last edited by mourad13 Jan 14, 2021, 4:19 PM Jan 14, 2021, 4:10 PM

      No answer, quite disappointed.
      I had time to lean on it lately and managed to do what I wanted.

      Here's some catch if it helps anyone.

      Create your certificate (I use the OVH API but it works with the other method):
      createCertificate.PNG

      You can create as many certificates as necessary (Pay attention to the limit imposed by the ACME packge, see link below)
      Rate Limits
      createCertificate2.PNG

      In Haproxy, go to the frontend which manages the domain name linked to the certificates created previously (the one ending with "site" for me, it depends on your configuration).
      frontend.PNG

      In the "certificate" section, choose one of the certificates to create (any you need).
      Check the 2 boxes "Add ACL for certificate ...."
      frontend1.PNG

      In the "additional certificates" section, add all the certificates you need.
      frontend2.PNG

      Check the 2 ACL boxes again
      frontend3.PNG

      Save and apply the configuration.
      Domains are now in HTTPS.

      1 Reply Last reply Reply Quote 5
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
        [[user:consent.lead]]
        [[user:consent.not_received]]