Re: Is it possible to disable SSL if not certificates are found?
Hi Simos,

The workaround is to have a default (fake) certificate first and use the « strict-sni » parameter.

Manu

> On 22 May 2017 at 10:28, Simos Xenitellis wrote:
>
> Hi All,
>
> I am trying to automate some tasks with adding multiple https
> (LetsEncrypt) websites,
> and using HAProxy as a TLS Termination Proxy.
>
> The problem is that when you start off with an empty server, there are
> no certificates yet,
> and it is not possible to have "bind *:443 ssl crt
> /etc/haproxy/certs/..." in haproxy.cfg.
>
> LetsEncrypt can work with http, so it could easily use the "bind *:80"
> front-end in the beginning.
>
> Is there a way to express "If no certificates are found in
> /etc/haproxy/certs/, then do not bind *:443"?
>
> Simos
>
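One way to script the workaround from the reply above, as an added example that is not part of the thread or of HAProxy itself. The file name `000-placeholder.pem` (chosen so it sorts first in the directory and becomes the default certificate) and the subject `placeholder.invalid` are assumptions. With `strict-sni` on the bind line, a handshake whose SNI matches no loaded certificate is refused, so the placeholder is never presented to clients.

```shell
#!/bin/sh
# Added example: bootstrap a placeholder certificate so "bind *:443 ssl crt DIR/"
# can load before any Let's Encrypt certificate exists.

# make_placeholder_pem DIR
# Creates DIR/000-placeholder.pem (self-signed cert + key in one file, the
# layout HAProxy expects) unless it already exists. Prints the path.
make_placeholder_pem() {
    dir=$1
    pem="$dir/000-placeholder.pem"      # assumed name; sorts before real certs
    if [ -s "$pem" ]; then              # idempotent: never overwrite
        printf '%s\n' "$pem"
        return 0
    fi
    tmp=$(mktemp -d) || return 1
    rc=0
    (
        umask 077                       # key material readable by owner only
        openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
            -subj "/CN=placeholder.invalid" \
            -keyout "$tmp/key.pem" -out "$tmp/crt.pem" 2>/dev/null &&
        cat "$tmp/crt.pem" "$tmp/key.pem" > "$pem"
    ) || rc=$?
    rm -rf "$tmp"
    if [ "$rc" -ne 0 ]; then
        rm -f "$pem"                    # do not leave a partial PEM behind
        return "$rc"
    fi
    printf '%s\n' "$pem"
}

# bind_line DIR
# Prints the frontend bind directive that pairs the directory with strict-sni.
bind_line() {
    printf 'bind *:443 ssl crt %s/ strict-sni\n' "$1"
}

# Typical use on a fresh server (run as root):
#   make_placeholder_pem /etc/haproxy/certs
#   bind_line /etc/haproxy/certs      # paste into the frontend in haproxy.cfg
#   haproxy -c -f /etc/haproxy/haproxy.cfg
```
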
Re: Is it possible to disable SSL if not certificates are found?
Hi Simos Xenitellis.

Simos Xenitellis wrote on Mon, 22 May 2017 11:28:41 +0300:

> Hi All,
>
> I am trying to automate some tasks with adding multiple https
> (LetsEncrypt) websites,
> and using HAProxy as a TLS Termination Proxy.
>
> The problem is that when you start off with an empty server, there are
> no certificates yet,
> and it is not possible to have "bind *:443 ssl crt
> /etc/haproxy/certs/..." in haproxy.cfg.
>
> LetsEncrypt can work with http, so it could easily use the "bind *:80"
> front-end in the beginning.
>
> Is there a way to express "If no certificates are found in
> /etc/haproxy/certs/, then do not bind *:443"?

I don't know of such a 'lazy read' option in haproxy, but this feature sounds interesting.

Do you have any patches available yet or are you willing to provide one?

> Simos

Regards
Aleks
Is it possible to disable SSL if not certificates are found?
Hi All,

I am trying to automate some tasks with adding multiple https (LetsEncrypt) websites, and using HAProxy as a TLS Termination Proxy.

The problem is that when you start off with an empty server, there are no certificates yet, and it is not possible to have "bind *:443 ssl crt /etc/haproxy/certs/..." in haproxy.cfg.

LetsEncrypt can work with http, so it could easily use the "bind *:80" front-end in the beginning.

Is there a way to express "If no certificates are found in /etc/haproxy/certs/, then do not bind *:443"?

Simos