Netgate Discussion Forum

    HAProxy and ACME certification not working

    • Hefin

      I have set up a test WHM/cPanel web server behind my pfSense box.

      I'm trying to configure pfSense to apply an SSL certificate to the webserver backend management console:

      The URL for the login page for this management panel is:

      https://staging-server.wpfreelancer.co.uk:2087/

      Steps I have done to set this up:

      1.) Create an ACME Certificate which is issued

      The domain is registered with Google Domains, so for this certificate, I'm using the method of 'DNS-Manual' as its authentication method.

      On creation of the certificate, I was instructed to put a TXT record on the DNS record for the domain, which I have done below, and it has propagated.

      https://mxtoolbox.com/SuperTool.aspx?action=txt%3a_acme-challenge.staging-server.wpfreelancer.co.uk&run=toolpage

      2.) Created the HAProxy backend

      In the Backend config I have selected the ACME certificate created in step one.

      3.) Defined the HAProxy frontend

      The frontend is using SSL offloading.

      Here are the ACL and actions.

      Any ideas about what I'm doing wrong here? This is my first time using ACME and HAProxy.

      Many thanks

      • viragomann @Hefin

        @hefin
        The client certificate might not be what you need. This is meant for authenticating the client on the server.

        You have to assign the certificate to the frontend.

        BTW: you should better hide your public IP, at least if it's static.

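The distinction drawn in the reply above, as an added example that is not part of the thread and not pfSense's generated configuration: a small checker that reads an `haproxy.cfg` and reports a certificate attached to a backend `server` line (a client certificate) while the frontend `bind` line serves none. Both configuration fragments, their names, addresses and file paths are constructed, and the checker assumes every `bind` in the file is meant to serve TLS.

```python
# Added example; both haproxy.cfg fragments are constructed, with hypothetical
# names, addresses (documentation ranges) and file paths.
MISCONFIGURED = """\
frontend whm_frontend
    bind 203.0.113.10:2087 name whm
    mode http
    default_backend whm_backend

backend whm_backend
    mode http
    server whm 192.0.2.20:2087 ssl verify required ca-file /etc/ssl/backend-ca.pem crt /etc/ssl/acme.pem
"""

CORRECTED = """\
frontend whm_frontend
    bind 203.0.113.10:2087 name whm ssl crt /etc/ssl/acme.pem
    mode http
    default_backend whm_backend

backend whm_backend
    mode http
    server whm 192.0.2.20:2087 ssl verify required ca-file /etc/ssl/backend-ca.pem
"""

SECTIONS = ("global", "defaults", "frontend", "backend", "listen")


def audit(cfg):
    """Return (section, message) findings about certificate placement."""
    findings, section = [], None
    for raw in cfg.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if not words:
            continue
        if words[0] in SECTIONS:
            section = " ".join(words[:2])
        elif words[0] == "bind" and not ("ssl" in words and "crt" in words):
            # Assumption: every bind in the audited file is meant to serve TLS.
            findings.append((section, "bind lacks 'ssl crt': no server certificate for browsers"))
        elif words[0] in ("server", "default-server") and "crt" in words:
            # 'crt' on a server line is HAProxy's own client certificate.
            findings.append((section, "server has 'crt': client certificate, sent only to the backend"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("misconfigured", MISCONFIGURED), ("corrected", CORRECTED)):
        print(name, audit(cfg) or "no findings")
```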