Hi Aleks,

On Thu, Feb 19, 2026 at 11:53:37AM +0100, Aleksandar Lazic wrote:
> Subject: Question about HAP 3.3 + ACME
> Hi.
> 
> We try to use the hot new feature ACME :-)
> With the config below we get this message at start up.
> 
> Please can anybody help to fix our mistake.
> Many thanks
> 
> ```
> [NOTICE]   (1) : Initializing new worker (3)
> [NOTICE]   (3) : haproxy version is 3.3.2-72df9192b
> [NOTICE]   (3) : path to executable is /usr/local/sbin/haproxy
> [ALERT]    (3) : config : unable to stat SSL certificate from file
> 'multiple.pem.ecdsa' : No such file or directory.
> .
> [ALERT]    (3) : config : Error(s) found in configuration file :
> /usr/local/etc/haproxy/haproxy.cfg
> [ALERT]    (3) : config : Fatal errors found in configuration.
> [NOTICE]   (1) : haproxy version is 3.3.2-72df9192b
> [NOTICE]   (1) : path to executable is /usr/local/sbin/haproxy
> [WARNING]  (1) : Failed to load worker (3) exited with code 1 (Exit)
> ```
> 

I know this could be a bit disturbing, but for now it's not possible to start
without a certificate if your certificate is not configured in a "crt-store".
That's explained in the "limitations" part of the current ACME documentation:
https://docs.haproxy.org/3.3/configuration.html#acme%20(ACME)



> That's the config.
> 
> ```
> global
>     log stdout format raw local0
>     maxconn 4096
> 
>     # Stats socket for the Runtime API (acme renew needs this)
>     stats socket /var/run/haproxy/haproxy.sock mode 660 level admin expose-fd listeners
> 
>     # Enable experimental ACME
>     expose-experimental-directives
> 
>     # HTTPClient needs a DNS resolver for ACME requests
>     httpclient.resolvers.prefer ipv4
> 
> # ============================================================
> # ACME Section – Let's Encrypt
> # ============================================================
> acme letsencrypt
>     directory https://acme-v02.api.letsencrypt.org/directory
>     account-key /mnt/account.key
>     contact mailto:[email protected]
>     challenge HTTP-01
>     keytype ECDSA
>     curves P-384
>     map virt@acme
> 
> # ============================================================
> # Certificate Store – central storage location
> # ============================================================
> crt-store lets_encrypt
>     crt-base /mnt
> ```

Here your crt-store isn't used at all, the crt-base only applies to this store,
so basically you need to add your certificate + acme configuration there. Like
it's done in https://github.com/haproxy/wiki/wiki/ACME:--native-haproxy

Hope this helps.

Regards,

-- 
William Lallemand
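
The layout the reply describes, sketched as an added example; it is not William's configuration, not the poster's, and not copied from the wiki. The store name, `crt-base`, certificate file name and `acme` section name come from the thread; the domain names, the alias and the frontend name are placeholders.

```haproxy
# Added example. Assumptions: domains, alias "multiple" and frontend name
# "fe_web" are placeholders; the global and "acme letsencrypt" sections
# stay as posted in the thread.

crt-store lets_encrypt
    crt-base /mnt
    # Declare the certificate inside the store and attach the ACME section
    # and the domain list to it. crt-base resolves this to
    # /mnt/multiple.pem.ecdsa.
    load crt "multiple.pem.ecdsa" alias "multiple" acme letsencrypt domains "www.example.com,example.com"

frontend fe_web
    bind :80
    # Reference the store entry as @<store>/<alias>, not as a bare file
    # name: a bare name is looked up on disk relative to the working
    # directory and never goes through the store.
    bind :443 ssl crt "@lets_encrypt/multiple"

    # Answer HTTP-01 challenges from the map named in the acme section
    # ("map virt@acme").
    http-request return status 200 content-type text/plain lf-string "%[path,field(-1,/)].%[path,field(-1,/),map(virt@acme)]\n" if { path_beg '/.well-known/acme-challenge/' }
```

Running `haproxy -c -f /usr/local/etc/haproxy/haproxy.cfg` before a reload shows whether the "unable to stat SSL certificate" alert is gone.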
