This is haproxy 1.6.3-1ubuntu0.2 on Xenial/16.04 running on amd64
hardware.
Reproduction steps:
1. Install haproxy and configure it to use a TLS certificate
2. Renew and replace that certificate
3. Run 'service haproxy reload'
4. Sometimes this starts serving the new certificate, sometimes it doesn't
** Changed in: haproxy (Ubuntu)
Status: Incomplete => New
https://bugs.launchpad.net/bugs/1828496
Title:
service haproxy reload sometimes fails to pick up new TLS certificates
Status in haproxy package in Ubuntu:
New
Bug description:
I suspect this is the same thing reported on StackOverflow:
"I had this same issue where even after reloading the config, haproxy
would randomly serve old certs. After looking around for many days the
issue was that "reload" operation created a new process without
killing the old one. Confirm this by "ps aux | grep haproxy"."
https://stackoverflow.com/questions/46040504/haproxy-wont-recognize-new-certificate
In our setup, we automate Let's Encrypt certificate renewals, and a
fresh certificate will trigger a reload of the service. But
occasionally this reload doesn't seem to do anything.
Will update with details next time it happens, and hopefully confirm
the multiple process theory.
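One way to check the multiple-process theory from the report, as an added example that is not part of the original bug report: list haproxy processes that started before the certificate file was last written, since those still hold the old certificate in memory. It assumes procps `ps -eo pid=,etimes=,args=` and GNU `stat -c %Y`; the function names, the certificate path placeholder and the sample process list are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): flag haproxy processes that
# predate the current certificate file and so cannot have loaded it.

# stale_haproxy_pids CERT_MTIME NOW
# Reads "PID ELAPSED_SECONDS COMMAND..." lines on stdin (the layout of
# `ps -eo pid=,etimes=,args=`) and prints the PID of every haproxy process
# whose start time (NOW - ELAPSED_SECONDS) is earlier than CERT_MTIME.
stale_haproxy_pids() {
    cert_mtime=$1
    now=$2
    awk -v cert="$cert_mtime" -v now="$now" '
        {
            # Match the executable basename exactly, so "grep haproxy" and
            # the long-lived systemd wrapper are not reported.
            n = split($3, parts, "/")
            if (parts[n] != "haproxy") next
            started = now - $2
            if (started < cert) print $1
        }'
}

# Constructed sample of a reload that left the old process running:
# PID 1201 is a day old, PID 4410 was started by the reload 30 seconds ago.
sample_ps() {
    cat <<'EOF'
  900 90000 /usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
 1201 86400 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds
 4410 30 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds -sf 1201
 4502 5 grep haproxy
EOF
}

# Demo on the constructed sample: certificate written 60 seconds before NOW.
sample_ps | stale_haproxy_pids 1699999940 1700000000   # prints 1201

# Live use (CERT is a placeholder for the PEM file haproxy is configured with):
#   ps -eo pid=,etimes=,args= | stale_haproxy_pids "$(stat -c %Y "$CERT")" "$(date +%s)"
```

Any PID this prints after a reload is a process that can still answer TLS handshakes with the previous certificate, which matches the intermittent behaviour in reproduction step 4.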