HAProxy & ACME - Site not loading
-
I have ACME and HAProxy installed. I followed this video; my goal is to create a wildcard SSL for use of internal services (portainer, PVE, docker, etc).
Namecheap is the domain registrar, Cloudflare is the Proxy, so I have an A record in CF to point to my public IP, CF proxies that. I created an API key for *.mydomain.com.
ACME / Account Keys:
Created one, Registered
ACME / Certs
Domain name is *.mydomain.com, using DNS-Cloudflare for the Method, entered in the info and got a cert
HAProxy / Backend
intranet.mydomain.com
HAProxy / Frontend
I selected Proxmox address as the site is on a VM in Proxmox server (10.20.20.3) on the VLAN, that server (10.20.20.4) is Ubuntu Server with Portainer running a docker for an intranet dashboard. 9455 is the port that the docker container uses for the intranet. This particular docker container does not ship with HTTPS.
I cut off the value for privacy
Further down, under SSL Offloading, I selected the wildcard cert from ACME.
Services / DNS / Resolver / General Settings
The service is running, I cleared dns cache, etc, but the site times out.
dig @10.10.10.1 intranet.mydomain.com
; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> @10.10.10.1 intranet.mydomain.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49256
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;intranet.mydomain.com. IN A
;; ANSWER SECTION:
intranet.mydomain.com. 3600 IN A 10.20.20.1
;; Query time: 8 msec
;; SERVER: 10.10.10.1#53(10.10.10.1) (UDP)
;; WHEN: Thu Oct 27 04:25:21 UTC 2022
;; MSG SIZE rcvd: 63
What am I doing wrong?
-
Here are a few more settings:
-
@creationguy said in HAProxy & ACME - Site not loading:
HAProxy / Frontend
I selected Proxmox address as the site is on a VM in Proxmox server (10.20.20.3) on the VLAN, that server (10.20.20.4) is Ubuntu Server with Portainer running a docker for an intranet dashboard. 9455 is the port that the docker container uses for the intranet. This particular docker container does not ship with HTTPS.
An Update:
The front end configuration was the problem; the port needs to be 443. Also, just to note, on the backend, if the site does NOT have SSL, then you need to uncheck Encrypt(SSL) on the BACKEND.
HAProxy / Backend
intranet.mydomain.com
Everything is now working. Unfortunately, if I go to https://crt.sh/ and check my domain, I have a BUNCH of SSL certs. Oh well.
Question:
How does this tool auto-update my public IP with Cloudflare so that my @ record is always up to date?
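The working layout described in the update above, written out as a plain haproxy.cfg fragment. This is an added example, not the poster's configuration and not what the pfSense package generates; the section names, the bind address and the certificate path are assumptions or placeholders.

```haproxy
# Added example: names, the bind address and the certificate path are
# assumptions/placeholders, not values taken from the poster's firewall.

frontend intranet_https
    # Clients reach the site as https://intranet.mydomain.com, so the
    # frontend has to listen on 443 (the fix reported in the update).
    # 10.20.20.1 is the address the dig answer in the thread returns.
    bind 10.20.20.1:443 ssl crt /path/to/wildcard.mydomain.com.pem
    mode http

    # Route only the expected Host header to this backend.
    acl host_intranet hdr(host) -i intranet.mydomain.com
    use_backend intranet_http if host_intranet

backend intranet_http
    mode http
    # TLS ends at the frontend (SSL offloading). The container on
    # 10.20.20.4:9455 speaks plain HTTP, so the server line has no "ssl".
    server intranet 10.20.20.4:9455 check

    # Equivalent of leaving Encrypt(SSL) ticked on the backend: HAProxy
    # attempts a TLS handshake with a plain-HTTP service and the request fails.
    # server intranet 10.20.20.4:9455 ssl verify none check
```

In this layout the hop between HAProxy and the container crosses the VLAN unencrypted, since only the client-facing side is covered by the wildcard certificate.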