Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    ACME(standalone) HAProxy stopped working!

    Scheduled Pinned Locked Moved ACME
    2 Posts 1 Posters 608 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jackus
      last edited by

      I had setup acme with HAProxy and standalone server for my LetsEncrypt certificates in early 2020 using pfSense 2.4.4. It worked fine, last time update of certificate was end of march 2021.
      I now get a message during renew that LetsEncrypt cannot reach FQDN/.well-known/acme-challenge/***.

      My Setup is
      HAproxy with a frontend with 2 backends.

      1. passing to internal webserver.
      2. passing to 127.0.0.1 port 55088
        The frontend has a error page showing maintenance

      The standalone sever in acme points to 127.0.0.1 port 55088

      No change made to ACME and HAproxy configuration other than adding a domain name or 2 to the certificate.

      When I type the FQDN. I get my web server redirected to https.
      When I use FQDN/.well-known/acme-challenge I get the Maintenance page

      I understand that the webserver is only started during the update process. Where can I see that it actually started during the update process?

      Current version numbers
      PfSense 2.5.1
      ACME 0.6.9_3
      HAPROXY 0.61_1

      Is there something changed in the ACME / HAproxy client after march 2021

      Thanks

      J 1 Reply Last reply Reply Quote 0
      • J
        jackus @jackus
        last edited by

        @jackus Ok solved it my self.
        It seems that you cannot use 127.0.0.1 anymore for the acme backend.
        I change the backend to LAN IP address and al worked again.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.