I'm using haproxy2.8 and I have configured the acme.sh challenge to fetch the certificate, following this wiki here: https://github.com/haproxy/wiki/wiki/Letsencrypt-integration-with-HAProxy-and-acme.sh
Once I get to the point to test the certificate, I'm getting: acme@mail:~$ echo "show ssl cert /etc/haproxy/certs/mydomain.org.pem" | socat /var/run/haproxy/admin.sock - Can't display the certificate: Not found or the certificate is a bundle! The file is definitely there and the command works an a different file, when I apply it to the previously used certificate fullchain.pem. The file which is not working, has the following structure: -----BEGIN EC PRIVATE KEY----- MHcCAQEEIHFXw2MqiGQUNIx6fHOZOqGs14BtPOpr1jeieJj43QxQoAoGCCqGSM49 AwEHoUQDQgAE0S6sFIRYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY2+f0Vlw/2MaOv A6VSMz5YSLjKhvEqIyMhPCtKhDP07x57vQ== -----END EC PRIVATE KEY----- -----BEGIN CERTIFICATE----- XXXXXXXXXXXXXXXXXXXRAIgL6ZQa9Q9t0zDrSPrdDGAwCgYIKoZIzj0EAwMwSzEL MAkGA1UEBhMCQVQxEDAOBgNVBAoTB1plcm9TU0wxKjAoBgNVBAMTIVplcm9TU0wg .... IkTPzeuzhHbCcMIV+BXbljRngQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDhTCCAwygAwIBAgIQI7dt48G7KxpRlh4I6rdk6DAKBggqhkjOPQQDAzCBiDEL MAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNl eSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMT .... -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIID0zCCArugAwIBAgIQVmcdBOpPmUxvEIFHWdJ1lDANBgkqhkiG9w0BAQwFADB7 MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD VQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UE ..... CCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEM BQADggEBABns652JLCALBIAdGN5CmXKZFjK9Dpx1WywV4ilAbe7/ctvbq5AfjJXy 8qn0dNW44bOwgeThpWOjzOoEeJBuv/c= -----END CERTIFICATE----- The file that is working, looks like this: -----BEGIN CERTIFICATE----- MIIFIjCCBAqgAwIBAgISBGJeRwzt+XStsqS4xbnbT6ObMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yMzEwMjMxNDIyMjlaFw0yNDAxMjExNDIyMjhaMBoxGDAWBgNVBAMT D25vcm1hbGZpbHRlci5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB .... AMb9wrIs+zoN09SAK9A/Tl/wBGuRtC0CSsM/qIFi/kROF8tHrrltBFI5AUjlVVk/ AAOCAQEABoS6mLKw+PlkkVrMjM2es4nz+elgp/Qm4k0o2Da1B8QhxZkgzRioATcs P9yRSH6Xj3jBkpPvhml6jshmKqbDb46TAPERHc79Nx63RKWSZ3YEyyaYXOsa1i9O uWxzSkCFBSb8sMjMT9iNj+W7GoUMQQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh ..... yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+ HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX nLRbwHOoq7hHwg== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/ MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT ..... 5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW 9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5 -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDG/cKyLPs6DdPU gCvQP05f8ARrkbQtAkrDP6iBYv5EThfLR665bQRSOQFI5VVZP6iVeiql5s35FDUw Ha5FVepwzduMlwe1g68/CtFR2B7oH/+DGHFm+nglYeeEavqk547GwSPkmX5tPEEv ..... 8ZoxBPBJgBtDnrBO+JTf7ZygcQ5XTF03sSd2ytdjVlcTy+knlhBS3UIRq4ek2xs4 nNTNgxvFuuqSCIAFLVlSq9KDbHzlu96Xc7Cz4xVmtx2wwkf4OZkm912XRVv+xfDO rzuBSbjC9IthPoAPP3j8satO -----END PRIVATE KEY----- Maybe it's the ECC cert type/private key? Or the position of the private key? Clueless at the moment. -- Christoph
smime.p7s
Description: S/MIME cryptographic signature