How to configure HAProxy with multiple certificates


  • Hello,

    Currently I am using pfSense with the ACME and HAProxy packages.
    I have a few hundred domain names.
    There are 100 domain names per certificate (the maximum allowed).
    In HAProxy, I have as many backends as I have certificates.

    This does not seem to me to be good practice, and it causes timeout problems during renewal.

    How do I configure, in HAProxy, a frontend which can use several certificates?

    I looked into the "SNI filter" and "additional certificate" options, but I can't find any information.

    Thank you.


  • No answer, quite disappointed.
    I had time to look into it lately and managed to do what I wanted.

    Here are some screenshots, if it helps anyone.

    Create your certificate (I use the OVH API but it works with the other method):
    createCertificate.PNG

    You can create as many certificates as necessary (pay attention to the limit imposed by the ACME package, see link below).
    Rate Limits
    createCertificate2.PNG

    In HAProxy, go to the frontend which manages the domain names linked to the certificates created previously (the one ending with "site" for me; it depends on your configuration).
    frontend.PNG

    In the "certificate" section, choose one of the certificates created (any one you need).
    Check the 2 boxes "Add ACL for certificate ....".
    frontend1.PNG

    In the "additional certificates" section, add all the certificates you need.
    frontend2.PNG

    Check the 2 ACL boxes again.
    frontend3.PNG

    Save and apply the configuration.
    Domains are now in HTTPS.
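
The setup described in the reply above, written by hand as a plain haproxy.cfg (an added example, not part of the original posts and not the file pfSense generates). Certificate paths, domain names, backend names and the server address are placeholders chosen for illustration.

```haproxy
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend https_site
    # One listener, several certificates. During the TLS handshake HAProxy
    # selects the certificate whose CN/SAN matches the SNI name sent by the
    # client; the first "crt" is the fallback when nothing matches.
    # Each .pem holds the full chain plus private key (placeholder paths).
    # "crt" may also point at a directory to load every .pem inside it.
    # Adding "strict-sni" rejects handshakes whose SNI matches no loaded
    # certificate instead of serving the fallback certificate.
    bind :443 ssl crt /etc/haproxy/certs/bundle-01.pem crt /etc/haproxy/certs/bundle-02.pem

    # Hand-written counterpart of the "Add ACL for certificate ..." boxes:
    # only host names covered by a loaded certificate are routed.
    # (example.com / example.net stand in for the real CN and SAN entries.)
    acl host_bundle01 hdr(host) -i example.com www.example.com
    acl host_bundle02 hdr(host) -i example.net www.example.net

    use_backend bk_site if host_bundle01 or host_bundle02
    default_backend bk_reject

backend bk_site
    # A single backend serves all certificates; the number of backends no
    # longer has to follow the number of certificates.
    server web1 192.0.2.10:80 check

backend bk_reject
    # Requests for host names not covered by any certificate end here.
    http-request deny
```

The file can be syntax-checked with `haproxy -c -f <file>` once the referenced .pem files exist.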