Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HA Proxy, Lets Encrypt, unable to load certificate from file .pem no start line.

    Scheduled Pinned Locked Moved Cache/Proxy
    3 Posts 2 Posters 2.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      witenite
      last edited by

      I am trying to get HA Proxy working with a cert from Lets Encrypt to work.

      Everything is up to date, PF Sense Plus (23.05.1)

      I add the back end as per the instructions on Lawerance Systems Youtube videos. The back end configuration goes in with no issues.

      I configure the front end, and I receive this error.

      Errors found while starting haproxy
      [NOTICE] (22798) : haproxy version is 2.7.6-4dadaaa
      [NOTICE] (22798) : path to executable is /usr/local/sbin/haproxy
      [ALERT] (22798) : config : parsing [/var/etc/haproxy_test/haproxy.cfg:15] : 'bind X.X.X.X:8096' in section 'frontend' : 'crt-list' : unable to load certificate from file '/var/etc/haproxy_test/JellyFinPrxy.pem': no start line.
      [ALERT] (22798) : config : Error(s) found in configuration file : /var/etc/haproxy_test/haproxy.cfg
      [ALERT] (22798) : config : Fatal errors found in configuration.

      (IP removed for security)

      The file in question starts with a line space then...

      -----BEGIN RSA PRIVATE KEY-----
      (key)
      -----END RSA PRIVATE KEY-----

      I am not sure where to go from here to see why this is happening, or if this is something that I can fix.

      Should this be a bug report???

      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @witenite
        last edited by

        @witenite said in HA Proxy, Lets Encrypt, unable to load certificate from file .pem no start line.:

        -----BEGIN RSA PRIVATE KEY-----
        (key)
        -----END RSA PRIVATE KEY-----

        Well that would not be the cert that would be the key.. The acme certs would just go in the cert manager and you would just pick it from a drop down list..

        cert.jpg

        This would be in the cert manager

        certmng.jpg

        Are you trying to manually load it up or something?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        W 1 Reply Last reply Reply Quote 2
        • W
          witenite @johnpoz
          last edited by

          @johnpoz

          hangs head

          Thanks.

          I skipped the step mentally on adding certs in the SSL Offloading section. I added it there, and no error.

          Again, Thank you.

          1 Reply Last reply Reply Quote 1
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.