Hi, I posted this on the discourse haproxy forum and was asked to post it here for better visibility :
We recently switched to haproxy 2.2.2 and we encountered a problem with the flexibility of ssl-load-extra-files. The way we handle certs is as follows: Public key name is : fqdn.pem Private key name is : fqdn.key Which resulted in No Private Key found in '/etc/pki/tls/certs/fqdn.pem' or /etc/pki/tls/certs/fqdn.pem.key I think it would be interesting if that directive was a little smarter in the way it deals with file extensions and also tried to strip the extension from the filename to see if the .key file exists with the same name. Not sure how that would affect performance for HaProxy startup, but for the moment, we either need to completely revamp the way we deploy certs, or create a symlink for the key file, to .pem.key in the same directory if we want to use this feature. SSL-LOAD-EXTRA-FILES is an excellent feature we’ve been waiting for as it simplifies our cert deployment, but in its current form It’s not really usable for us. Thank you. -- Marc-Antoine Leclercq