Hi.

We are trying to use the hot new ACME feature :-)
With the config below, we get this message at startup.

Can anybody please help us fix our mistake?
Many thanks

```
[NOTICE]   (1) : Initializing new worker (3)
[NOTICE]   (3) : haproxy version is 3.3.2-72df9192b
[NOTICE]   (3) : path to executable is /usr/local/sbin/haproxy
[ALERT] (3) : config : unable to stat SSL certificate from file 'multiple.pem.ecdsa' : No such file or directory.
.
[ALERT] (3) : config : Error(s) found in configuration file : /usr/local/etc/haproxy/haproxy.cfg
[ALERT]    (3) : config : Fatal errors found in configuration.
[NOTICE]   (1) : haproxy version is 3.3.2-72df9192b
[NOTICE]   (1) : path to executable is /usr/local/sbin/haproxy
[WARNING]  (1) : Failed to load worker (3) exited with code 1 (Exit)
```

That's the config.

```
global
    log stdout format raw local0
    maxconn 4096

    # Stats socket for the Runtime API (ACME renewal needs it).
    # NOTE(review): "level admin" gives whoever can open this socket full runtime
    # control of the process, so access rests on mode 660 and on the ownership of
    # /var/run/haproxy. No "user"/"group" is set on this line - confirm who ends
    # up owning the socket.
stats socket /var/run/haproxy/haproxy.sock mode 660 level admin expose-fd listeners

    # Enable the experimental ACME directives
    expose-experimental-directives

    # The HTTP client needs a DNS resolver for ACME requests; prefer IPv4 answers
    httpclient.resolvers.prefer ipv4

# ============================================================
# ACME Section – Let's Encrypt
# ============================================================
# Defines the ACME profile "letsencrypt" that the ssl-f-use line in
# frontend https_front refers to.
acme letsencrypt
    # Let's Encrypt production endpoint.
    # NOTE(review): while startup is still failing, the staging directory
    # (https://acme-staging-v02.api.letsencrypt.org/directory) avoids using up
    # production rate limits during repeated attempts.
    directory https://acme-v02.api.letsencrypt.org/directory
    # Private key of the ACME account; keep it readable only by the haproxy user.
    account-key /mnt/account.key
    # NOTE(review): the address looks redacted by the list archive.
    contact mailto:[email protected]
    challenge HTTP-01
    # Requested certificate key: ECDSA on curve P-384
    keytype ECDSA
    curves P-384
    # Map holding the HTTP-01 challenge data; the "http-request return" rule in
    # the frontend reads it through map(virt@acme).
    map virt@acme

# ============================================================
# Certificate Store – central storage location
# ============================================================
# NOTE(review): this store only sets crt-base and has no "load" line, and the
# ssl-f-use line in the frontend names "multiple.pem.ecdsa" without referring to
# this store. The ALERT in the log shows the bare relative name being looked up,
# so /mnt is presumably not applied to it - confirm, and check that the file
# exists at the path HAProxy actually resolves.
crt-store lets_encrypt
    crt-base /mnt

# Defaults applied to the frontend and backends declared after this section.
# NOTE(review): no "timeout http-request" is set, so slowly sent request headers
# are presumably bounded only by the 50 s client timeout - consider a shorter,
# explicit value on an Internet-facing listener.
defaults
    log global
    mode http
    option httplog
    # Do not log connections on which no data was exchanged
    option dontlognull
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms
    retries 3

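# ============================================================
# HTTPS Frontend – Ports 443 and 80
# ============================================================
# One frontend for both cleartext (80) and TLS (443) listeners: serves ACME
# HTTP-01 challenges, redirects cleartext traffic to HTTPS and routes by Host.
frontend https_front
    bind *:80
    bind [::]:80

    # NOTE(review): "generate-certificates" makes HAProxy forge a certificate per
    # SNI and is documented together with "ca-sign-file", which is not set here.
    # ACME via ssl-f-use does not look like it needs it - confirm it is intended.
    bind *:443 ssl alpn h2,http/1.1 generate-certificates
    bind [::]:443 ssl alpn h2,http/1.1 generate-certificates

    # Answer HTTP-01 challenges: for requests under /.well-known/acme-challenge/
    # reply with "<last path segment>.<value looked up in map virt@acme>".
    http-request return status 200 content-type text/plain lf-string "%[path,field(-1,/)].%[path,field(-1,/),map(virt@acme)]\n" if { path_beg '/.well-known/acme-challenge/' }

    # Certificate for both domains, managed through the "letsencrypt" ACME section.
    # NOTE(review): the startup ALERT names this file. It is a bare relative name
    # and does not reference crt-store lets_encrypt, so the crt-base /mnt declared
    # there is presumably not applied - confirm where HAProxy looks for it and
    # that a certificate file is present there at startup.
    ssl-f-use crt "multiple.pem.ecdsa" acme letsencrypt domains "auth.MyDomain.com,git.MyDomain2.dev"

    # HSTS. NOTE(review): includeSubDomains + preload commit every subdomain of
    # both domains to HTTPS for two years. An http-response rule is not applied
    # to responses HAProxy generates itself (such as the redirect below), and
    # browsers ignore this header on cleartext responses.
    http-response set-header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"

    # Everything else -> HTTPS. Limited to cleartext connections: ports 80 and 443
    # share this frontend, so an unconditional redirect would also match requests
    # that already arrived over TLS and send them into a redirect loop.
    redirect scheme https code 301 if !{ ssl_fc }

    # GitLab
    acl host_gitlab   hdr(host) -i git.MyDomain2.dev
    use_backend gitlab_back if host_gitlab

    # Keycloak
    acl host_keycloak hdr(host) -i auth.MyDomain.com
    use_backend keycloak_back if host_keycloak

    default_backend default_back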

# ============================================================
# Backends
# ============================================================
# NOTE(review): none of the server lines carries "ssl", so TLS ends at HAProxy
# and the hop to gitlab/keycloak is cleartext HTTP, including Keycloak
# authentication traffic. Confirm that network segment is trusted.
backend gitlab_back
    balance roundrobin
    # "check" enables health checks for this server
    server gitlab gitlab:8000 check

backend keycloak_back
    balance roundrobin
    server keycloak keycloak:8001 check

# Fallback for unmatched Host headers: has no server, only a custom 503 page.
backend default_back
    errorfile 503 /usr/local/etc/haproxy/errors/503.http
```

Best Regards
Aleks

