Thanks.

I did a fresh 

acme.sh --issue -d domain ... --keylength 2048 
after first revoking the certificates, since I was a bit unsure as far as the
partial exposure of my private key was concerned - thanks, Shawn.

I went back to the Wiki and found the necessary steps there:

DEPLOY_HAPROXY_HOT_UPDATE=yes \
DEPLOY_HAPROXY_STATS_SOCKET=/var/run/haproxy/admin.sock \
DEPLOY_HAPROXY_PEM_PATH=/etc/haproxy/certs \
acme.sh --deploy -d www.mydomain.org --deploy-hook haproxy
[Tue Nov 14 02:07:26 PM CET 2023] Deploying PEM file
[Tue Nov 14 02:07:26 PM CET 2023] Moving new certificate into place
[Tue Nov 14 02:07:26 PM CET 2023] Reload successful
[Tue Nov 14 02:07:26 PM CET 2023] Success
acme@mail:~/.acme.sh$ ls -l /etc/haproxy/certs
total 12
-rw-rw-r-- 1 acme acme 8489 Nov 14 14:07 www.mydomain.org.pem

Christoph Kukulies
k...@kukulies.org



This file seems to be assembled by the deploy script (since it contains the
private key).

So far so good for the first. Got to implement the renewal mechanism now.


> Am 13.11.2023 um 17:20 schrieb William Lallemand <wlallem...@haproxy.com>:
> 
> On Mon, Nov 13, 2023 at 10:46:08AM +0100, Christoph Kukulies wrote:
>>> Am 13.11.2023 um 10:09 schrieb William Lallemand <wlallem...@haproxy.com>:
>>>> 
>>>> acme@mail:~$ echo "show ssl cert /etc/haproxy/certs/mydomain.org.pem" | 
>>>> socat /var/run/haproxy/admin.sock -
>>>> Can't display the certificate: Not found or the certificate is a bundle!
>>>> 
>> 
>> acme@mail:~/.acme.sh/www.mydomain.org_ecc$  echo "show ssl cert " | socat 
>> /var/run/haproxy/admin.sock -
>> # filename
>> /etc/haproxy/certs/fullchain.pem
>> /etc/haproxy/certs/fullchain_ec.pem
>>> 
>> 
> 
> Well, you can't display /etc/haproxy/certs/mydomain.org.pem because it's
> not in haproxy. 
> 
> Can you share the output of your deploy acme.sh command as well as your
> haproxy configuration?
> 
> -- 
> William Lallemand

--
Christoph
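
A permission check for the deployed file, added here as an example and not part of the original thread: the listing above shows www.mydomain.org.pem as -rw-rw-r-- while the message notes that it contains the private key. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find PEM files that contain a private
# key and are accessible to group or others, like the 0664 file listed above.

# True if the file holds a PEM private key block (PKCS#1, PKCS#8 or SEC1).
has_private_key() {
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# True if any group/other permission bit is set (portable find -perm tests).
is_exposed() {
    [ -n "$(find "$1" -type f \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \))" ]
}

# Report exposed key files in directory $1 on stderr, print their count.
audit_pem_dir() {
    count=0
    for f in "$1"/*.pem; do
        [ -f "$f" ] || continue
        if has_private_key "$f" && is_exposed "$f"; then
            echo "exposed private key: $f" >&2
            count=$((count + 1))
        fi
    done
    echo "$count"
}

# Constructed sample: three files with placeholder bodies, no real key material.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed' \
        '-----END CERTIFICATE-----' '-----BEGIN RSA PRIVATE KEY-----' \
        'constructed' '-----END RSA PRIVATE KEY-----' > "$d/combined-0664.pem"
    cp "$d/combined-0664.pem" "$d/combined-0600.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed' \
        '-----END CERTIFICATE-----' > "$d/cert-only-0644.pem"
    chmod 664 "$d/combined-0664.pem"
    chmod 600 "$d/combined-0600.pem"
    chmod 644 "$d/cert-only-0644.pem"
    echo "$d"
}

sample=$(make_sample_dir)
echo "exposed key files: $(audit_pem_dir "$sample")"
rm -rf "$sample"
```

Pointing `audit_pem_dir` at /etc/haproxy/certs gives the same report for the deployed files; a non-zero count means a key file is accessible beyond its owner.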
