I am using HAProxy to forward sub-domains to the proper LXD containers. I have multiple containers configured as websites. The method I use to renew Let's Encrypt certs is below and works fine for other sub-domains, but for this one (test.streamingworld.us) the expired cert is used. The cert does renew, but the older, expired cert is always used, causing SSL to fail.
certbot certificates yields:

    Certificate Name: test.streamingworld.us
      Domains: test.streamingworld.us
      Expiry Date: 2024-05-27 20:30:36+00:00 (VALID: 86 days)
      Certificate Path: /etc/letsencrypt/live/test.streamingworld.us/fullchain.pem
      Private Key Path: /etc/letsencrypt/live/test.streamingworld.us/privkey.pem
Here is the haproxy.cfg file:
    global
        log 127.0.0.1 syslog debug
        lua-load /etc/haproxy/cors.lua
        maxconn 2000
        tune.ssl.default-dh-param 2048
        user haproxy
        tune.maxrewrite 4096
        group haproxy
        ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
        ssl-default-bind-ciphers EECDH+AESGCM:EDH+AESGCM

    defaults
        log global
        mode http
        option forwardfor
        option http-server-close
        option httplog
        option dontlognull
        timeout connect 5000
        timeout client 50000
        timeout server 50000
        timeout tunnel 2h   # this is for websocket connections, 2 hours inactivity timeout
        timeout client-fin 5000
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

    frontend http_lb
        bind *:80
        bind *:443 ssl crt /etc/haproxy/certs/
        # redirect scheme https if !{ ssl_fc }   # Added code 301
        http-request redirect scheme https unless { ssl_fc }
        acl testbox hdr(host) -i test.streamingworld.us
        acl acl_letsencrypt path_beg /.well-known/acme-challenge/
        use_backend be_letsencrypt if acl_letsencrypt
        use_backend testenv if testbox

    backend be_letsencrypt
        server letsencrypt 127.0.0.1:8888

    backend testenv
        balance leastconn
        http-request set-header X-Client-IP %[src]
        redirect scheme https if ! { ssl_fc }
        server testing 10.90.200.247:80 check verify none
I am also posting this to the Let's Encrypt forum.
Your suggestions are very welcome.
Ray
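The `bind *:443 ssl crt /etc/haproxy/certs/` line above makes HAProxy load PEM bundles (certificate chain followed by private key) from that directory, and it reads them only at start or reload; certbot, by contrast, writes the renewed files under /etc/letsencrypt/live/. If nothing rebuilds the bundle and reloads HAProxy after a renewal, HAProxy keeps serving whatever bundle was in the directory, which is exactly the "cert renews but the expired one is served" symptom. The script below is an added example, not code from the post or from certbot/HAProxy: a certbot deploy hook that rebuilds the bundle and reloads HAProxy, plus a check that tells you whether the bundle HAProxy serves is stale. It assumes bundles are named `<domain>.pem`, that the hook is installed under /etc/letsencrypt/renewal-hooks/deploy/, and that HAProxy is reloaded with `systemctl reload haproxy`; the `RENEWED_LINEAGE` variable is the one certbot exports to deploy hooks.

```shell
#!/bin/sh
# Added example (not from the original post): certbot deploy hook that rebuilds
# the HAProxy PEM bundle for a renewed certificate and reloads HAProxy.
# HAProxy's "bind ... crt <dir>/" reads the bundles only at start/reload, so a
# renewed cert under /etc/letsencrypt/live/ is not served until the bundle is
# rewritten AND HAProxy is reloaded.
#
# Assumptions (not on the page): bundles are named <domain>.pem, this file is
# installed as /etc/letsencrypt/renewal-hooks/deploy/haproxy.sh, and HAProxy is
# reloaded with "systemctl reload haproxy".

set -eu

# build_bundle LIVE_DIR CERTS_DIR DOMAIN
# Writes CERTS_DIR/DOMAIN.pem as fullchain.pem followed by privkey.pem, the
# layout HAProxy expects for a crt file. Written to a temp file and renamed so
# a concurrent reload never reads a half-written bundle.
build_bundle() {
    bb_src="$1/$3"
    bb_dst="$2/$3.pem"
    [ -r "$bb_src/fullchain.pem" ] && [ -r "$bb_src/privkey.pem" ] || {
        echo "missing fullchain.pem or privkey.pem under $bb_src" >&2
        return 1
    }
    bb_tmp=$(mktemp "$2/.$3.pem.XXXXXX")
    cat "$bb_src/fullchain.pem" "$bb_src/privkey.pem" > "$bb_tmp"
    chmod 600 "$bb_tmp"          # contains the private key: root-only
    mv -f "$bb_tmp" "$bb_dst"
}

# bundle_is_current LIVE_DIR CERTS_DIR DOMAIN
# Returns 0 when the bundle in CERTS_DIR is byte-identical to the current
# certbot output, 1 when it is missing or stale (the symptom in the post).
bundle_is_current() {
    bic_dst="$2/$3.pem"
    [ -r "$bic_dst" ] || return 1
    cat "$1/$3/fullchain.pem" "$1/$3/privkey.pem" | cmp -s - "$bic_dst"
}

# deploy_hook: what certbot runs after a successful renewal. certbot exports
# RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/test.streamingworld.us); the
# lineage's last path component is the bundle name used here.
deploy_hook() {
    dh_live=${LIVE_DIR:-/etc/letsencrypt/live}
    dh_certs=${CERTS_DIR:-/etc/haproxy/certs}
    dh_domain=$(basename "${RENEWED_LINEAGE:?RENEWED_LINEAGE not set}")
    build_bundle "$dh_live" "$dh_certs" "$dh_domain"
    # Validate the config with the new bundle before reloading, so a bad file
    # cannot take the proxy down; the reload is what makes HAProxy re-read it.
    haproxy -c -q -f /etc/haproxy/haproxy.cfg && systemctl reload haproxy
}

# Act as a deploy hook only when certbot invoked us; sourcing this file just
# for the functions (e.g. to run bundle_is_current by hand) touches nothing.
if [ "${RENEWED_LINEAGE:-}" != "" ]; then
    deploy_hook
fi
```

To check the live system by hand, source the file and run `bundle_is_current /etc/letsencrypt/live /etc/haproxy/certs test.streamingworld.us; echo $?`: a non-zero status means HAProxy's bundle does not match what certbot last issued, and `openssl x509 -noout -enddate -in /etc/haproxy/certs/test.streamingworld.us.pem` will show the old expiry. Register the hook either by installing the script in the deploy directory above or with `certbot renew --deploy-hook /path/to/haproxy.sh`.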