Configure multiple SSL certificates in Haproxy
You can concatenate all your certificates into files say haproxy1.pem
and haproxy2.pem
or you can specify a directory containing all your pem files.
cat cert1.pem key1.pem > haproxy1.pem
cat cert2.pem key2.pem > haproxy2.pem
As per the haproxy docs
Then on the config use something like this:
defaults
log 127.0.0.1 local0
option tcplog
frontend ft_test
mode http
bind 0.0.0.0:443 ssl crt /certs/haproxy1.pem crt /certs/haproxy2.pem
use_backend bk_cert1 if { ssl_fc_sni my.example.com } # content switching based on SNI
use_backend bk_cert2 if { ssl_fc_sni my.example.org } # content switching based on SNI
backend bk_cert1
mode http
server srv1 <ip-address2>:80
backend bk_cert2
mode http
server srv2 <ip-address3>:80
Read more about SNI
Keep in mind that SSL support is in development staging for haproxy and also that it apparently has considerable performance hit.
There are other solutions talked about in this thread: https://stackoverflow.com/questions/10684484/haproxy-with-multiple-https-sites
Hope this helps.
No need to concat or specify a list of certificates anymore, just specify a folder:
frontend public
bind *:443 ssl crt /etc/haproxy/ssl/
Note: make sure the folder isn't empty and valid PEM files are present, otherwise HAProxy will not run.
maybe you could check this too:
/etc/ssl/private/crt-list.txt:
/etc/ssl/private/mydomain.pem
/etc/ssl/private/myotherdomain.pem
haproxy.cfg:
frontend https-in:
bind *:443 ssl crt-list /etc/ssl/private/crt-list.txt
refs: https://github.com/msimerson/Mail-Toaster-6/wiki/How-to-for-Multiple-Domain-SSL-Certificates-with-HaProxy