In haproxy 1.8dev, the default certificate can now be optional. This patch allows that.
Manu
0001-MEDIUM-ssl-allow-haproxy-to-start-without-default-ce.patch
> On 29 May 2017 at 11:09, Emmanuel Hocdet <m...@gandi.net> wrote:
>
> Hi Simos,
>
> The workaround is to have a default (fake) certificate first and use the « strict-sni » parameter.
>
> Manu
>
>> On 22 May 2017 at 10:28, Simos Xenitellis <simos.li...@googlemail.com> wrote:
>>
>> Hi All,
>>
>> I am trying to automate some tasks with adding multiple https
>> (LetsEncrypt) websites,
>> and using HAProxy as a TLS Termination Proxy.
>>
>> The problem is that when you start off with an empty server, there are
>> no certificates yet,
>> and it is not possible to have "bind *:443 ssl crt
>> /etc/haproxy/certs/..." in haproxy.cfg.
>>
>> LetsEncrypt can work with http, so it could easily use the "bind *:80"
>> front-end in the beginning.
>>
>> Is there a way to express "If no certificates are found in
>> /etc/haproxy/certs/, then do not bind *:443"?
>>
>> Simos
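
The workaround quoted above, sketched as an haproxy.cfg fragment. This is an added example, not configuration from the thread or the patch; the file paths, the frontend and backend names, and the placeholder certificate are assumptions.

```haproxy
# Placeholder certificate, generated once (constructed example commands):
#   umask 077
#   openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
#     -subj "/CN=placeholder.invalid" \
#     -keyout placeholder.key -out placeholder.crt
#   cat placeholder.crt placeholder.key > /etc/haproxy/placeholder.pem

frontend fe_http
    mode http
    bind *:80
    # Port 80 stays available for the Let's Encrypt HTTP challenge.
    default_backend be_web

frontend fe_https
    mode http
    # The first "crt" loaded becomes the default certificate, so the
    # placeholder is listed before the directory of real certificates.
    # "strict-sni" refuses handshakes whose SNI matches no loaded
    # certificate, so the placeholder is never served to clients.
    # Assumption: the certs directory may still be empty at first start.
    bind *:443 ssl crt /etc/haproxy/placeholder.pem crt /etc/haproxy/certs/ strict-sni
    default_backend be_web

backend be_web
    mode http
    server web1 127.0.0.1:8080
```

Running `haproxy -c -f /etc/haproxy/haproxy.cfg` checks the configuration before a reload.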