Thanks.

I did a fresh 

acme.sh --issue -d domain ... --keylength 2048 
after first revoking the certificates, since I was a bit unsure as far as the 
partial exposure of my private key was concerned - thanks, Shawn.

I went back to the Wiki and found the necessary steps there:

DEPLOY_HAPROXY_HOT_UPDATE=yes \
DEPLOY_HAPROXY_STATS_SOCKET=/var/run/haproxy/admin.sock \
DEPLOY_HAPROXY_PEM_PATH=/etc/haproxy/certs \
acme.sh --deploy -d www.mydomain.org --deploy-hook haproxy
[Tue Nov 14 02:07:26 PM CET 2023] Deploying PEM file
[Tue Nov 14 02:07:26 PM CET 2023] Moving new certificate into place
[Tue Nov 14 02:07:26 PM CET 2023] Reload successful
[Tue Nov 14 02:07:26 PM CET 2023] Success
acme@mail:~/.acme.sh$ ls -l /etc/haproxy/certs
total 12
-rw-rw-r-- 1 acme acme 8489 Nov 14 14:07 www.mydomain.org.pem

Christoph Kukulies
[email protected]



This file seems to be assembled by the deploy script (since it contains the 
private key).

So far so good for the first. Got to implement the renewal mechanism now.


> On 13.11.2023 at 17:20, William Lallemand <[email protected]> wrote:
> 
> On Mon, Nov 13, 2023 at 10:46:08AM +0100, Christoph Kukulies wrote:
>>> On 13.11.2023 at 10:09, William Lallemand <[email protected]> wrote:
>>>> 
>>>> acme@mail:~$ echo "show ssl cert /etc/haproxy/certs/mydomain.org.pem" | socat /var/run/haproxy/admin.sock -
>>>> Can't display the certificate: Not found or the certificate is a bundle!
>>>> 
>> 
>> acme@mail:~/.acme.sh/www.mydomain.org_ecc$  echo "show ssl cert " | socat /var/run/haproxy/admin.sock -
>> # filename
>> /etc/haproxy/certs/fullchain.pem
>> /etc/haproxy/certs/fullchain_ec.pem
>>> 
>> 
> 
> Well, you can't display /etc/haproxy/certs/mydomain.org.pem because it's
> not in haproxy. 
> 
> Can you share the output of your deploy acme.sh command as well as your
> haproxy configuration?
> 
> -- 
> William Lallemand

--
Christoph
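
Added example, not part of the original message or of acme.sh: the listing above shows the deployed bundle with mode -rw-rw-r-- although it contains the private key, so a check like the following can flag key-bearing PEM files that group or other users can read. The function names and the www.example.org.pem demo file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag PEM bundles that embed a private
# key but are readable by group or others.

# audit_pem_dir DIR: prints "INSECURE <mode> <path>" per finding;
# returns 0 when nothing was flagged, 1 otherwise.
audit_pem_dir() {
    dir=$1
    findings=0
    for f in "$dir"/*.pem; do
        [ -f "$f" ] || continue
        # Chains without a key are public material; skip them.
        grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f" || continue
        # GNU stat first, BSD stat as fallback.
        mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
        # Any group/other bit set (mask 077) exposes the key to local users.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "INSECURE $mode $f"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed demo: a placeholder bundle (no real key material) created with
# the same 664 mode as in the listing above, then tightened to 600.
demo() {
    tmp=$(mktemp -d) || return 2
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed' \
        '-----END CERTIFICATE-----' '-----BEGIN RSA PRIVATE KEY-----' \
        'constructed' '-----END RSA PRIVATE KEY-----' > "$tmp/www.example.org.pem"
    chmod 664 "$tmp/www.example.org.pem"
    before=0; audit_pem_dir "$tmp" || before=$?
    chmod 600 "$tmp/www.example.org.pem"
    after=0; audit_pem_dir "$tmp" || after=$?
    rm -rf "$tmp"
    echo "before=$before after=$after"
}

demo
```

Run against the real directory as `audit_pem_dir /etc/haproxy/certs`; the non-zero return makes it usable as a post-renewal check in cron.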
