Hi, I can't get runtime API set ssl cert to work with crt-store
certificates.
crt-store certificates have an alias for a filename and it looks like set
ssl cert might not respect that:
# printf "set ssl cert @alias/name \n`cat
/etc/lego/certificates/redacted.unified.crt`\n" | socat -
/run/haproxy/admin.sock
'set ssl cert' expects a filename and a certificate as a payload
but the certificate file looks good:
# openssl x509 -in redacted.unified.crt -noout -text
Certificate:
Data:
(...)
# openssl pkey -in redacted.unified.crt -noout -text
Private-Key: (256 bit)
priv:
(...)
and the alias looks good too:
# echo "show ssl cert @alias/name" | socat - /run/haproxy/admin.sock
Filename: @alias/name
Status: Used
(...)
This problem is exacerbated by the fact that any input returns the same
error ("expects a") and I can't tell whether haproxy balks at the filename,
the certificate content, or formatting / newline placements.
Please advise.
Regards,
Gil
