haproxy 2.0 doesn't like private key that is not strong enough (only 1024 bits).
I generated new certificate for key that has 2048 bits just to find that this certificate is accepted but TLSv1.0 was removed from haproxy or some SSL library, haproxy 2.0.13 cannot connect to the old router...:-( haproxy cannot connect to the router and reports error 503 - Service unavailable. This is a script to generate new certificate, inspired by https://gist.github.com/yuezhu/47b15b4b8e944221861ccf7d7f5868f5 $ cat gen-new-pem.sh #!/bin/sh FNAME="firewall" DAYS=370 NUMBITS=2048 # Generate a unique private key (KEY) openssl genrsa -out $FNAME.key $NUMBITS # Generating a Certificate Signing Request (CSR) openssl req -new -key $FNAME.key -out $FNAME.csr # Creating a Self-Signed Certificate (CRT) openssl x509 -req -days $DAYS -in $FNAME.csr -signkey $FNAME.key -out $FNAME.crt # Append KEY and CRT to mydomain.pem cat $FNAME.key $FNAME.crt > $FNAME.pem -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1964122 Title: Cannot connect to router with admin page over TLS v1.0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1964122/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs