Hi Lukas.
On 02.03.20 22:38, Lukas Tribus wrote:
Hello Aleks,
On Mon, 2 Mar 2020 at 22:21, Aleksandar Lazic <[email protected]> wrote:
check-ssl check-sni str("storage.sbg.cloud.ovh.net")
For the health check it's:
check-sni storage.sbg.cloud.ovh.net
(not a expression as per the doc: check-sni <sni>)
and for the traffic:
sni str(storage.sbg.cloud.ovh.net)
(as per the doc which says: sni <expression>)
You need both.
Thank you. I have changed the server line but still handshake error.
I think that the ca-file is wrong, I haven't found anything what's the proper
ca-file for letsencrypt is.
```
server static_stor storage.sbg.cloud.ovh.net:443 resolvers mydns check
check-ssl check-sni storage.sbg.cloud.ovh.net sni
str(storage.sbg.cloud.ovh.net) ca-file
/etc/letsencrypt/live/lb1.panomax.com/fullchain.pem backup
```
The same error with /etc/ssl/certs/ISRG_Root_X1.pem
```
Mar 2 22:48:59 lb1 haproxy[19551]: [WARNING] 061/224859 (19553) : Backup Server
be_static/static_stor is DOWN, reason: Socket error, info: "SSL handshake
failure", check duration: 16ms. 0 active and 0 backup servers left. 0 sessions
active, 0 requeued, 0 remaining in queue.
Mar 2 22:48:59 lb1 haproxy[19553]: Backup Server be_static/static_stor is DOWN, reason:
Socket error, info: "SSL handshake failure", check duration: 16ms. 0 active and
0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
```
Lukas
Regards
Aleks
