-
-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Deploy tool is not working as expected for HAProxy #4788
Comments
Please upgrade to the latest code and try again first. Maybe it's already fixed. |
Upgrade acme.sh --upgrade was successfull log with --debug 2: root@HAProxy:~# sudo -u acme -s -----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE----- |
Yesterday I resolved that. Private key from combined certificate pem file must be at the end of the file, not in start. |
resolved issue with HAProxy acmesh-official#4788 according https://serversforhackers.com/c/letsencrypt-with-haproxy
That's not your problem, your problem is that the haproxy CLI uses an empty line as the end of the payload. |
Just pushed an update to be compatible with this case. |
Hi, for me, the in place deployment of certificate renewals (letsencrypt) is not working anymore (so I think since end of last week). Same error, certificate chain incomplete. After restarting haproxy service, everything works as usual. acme version: 3.0.7 |
The |
Yes, I mean that PR, so probably this is the wrong place here to discuss. :-) And I use this as described here: https://www.haproxy.com/blog/haproxy-and-let-s-encrypt |
@jhjadmin the latest documentation is available here https://github.com/haproxy/wiki/wiki/Letsencrypt-integration-with-HAProxy-and-acme.sh but that's slightly the same. Could you please update the
Please share your output with |
Thank you very much, updating the deploy script seems to work. No restart of haproxy service with complete certificate chain now. But anyway the output of the deploy command:
|
@jhjadmin okay, thanks, good to know! |
Steps to reproduce
I got the certificate from letsencrypt for HAproxy using the commands:
Everything works, but when I scan the certificate with the ssllabs tool, I see a score of b and the message that "This server's certificate chain is incomplete. Grade capped to B."
It looks like the deploy tool is not working as expected. Please help.
\
The text was updated successfully, but these errors were encountered: