> Am 13.11.2023 um 10:09 schrieb William Lallemand <wlallem...@haproxy.com>: > > On Sat, Nov 11, 2023 at 10:26:33AM +0100, Christoph Kukulies wrote: >> I'm using haproxy2.8 and I have configured the acme.sh challenge to fetch >> the certificate, following this wiki here: >> https://github.com/haproxy/wiki/wiki/Letsencrypt-integration-with-HAProxy-and-acme.sh >> >> Once I get to the point to test the certificate, I'm getting: >> >> acme@mail:~$ echo "show ssl cert /etc/haproxy/certs/mydomain.org.pem" | >> socat /var/run/haproxy/admin.sock - >> Can't display the certificate: Not found or the certificate is a bundle! >> >> >> The file is definitely there and the command works an a different file, when >> I apply it to the previously used certificate fullchain.pem. >> The file which is not working, has the following structure: > > "show ssl cert" shows the certificate in the haproxy memory, and not on > the filesystem. Start by doing "show ssl cert" without any argument to > see the list of certificates whcih were loaded by haproxy. >
Thanks, William, acme@mail:~/.acme.sh/www.mydomain.org_ecc$ echo "show ssl cert " | socat /var/run/haproxy/admin.sock - # filename /etc/haproxy/certs/fullchain.pem /etc/haproxy/certs/fullchain_ec.pem > And, Shawn, you may be right that it is not the ECC type itself causing the "Can't display" message but some other quirk. The funny thing: at the moment I cannot reproduce the issue at all. And the fullchain_ec.pem has "-----BEGIN EC PRIVATE KEY-----" and the corresponding END EC line in it. Will keep an eye on it next time. -- Christoph
smime.p7s
Description: S/MIME cryptographic signature
