No obvious way to deal with multiple certificates from autocert
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
charm-haproxy | New | Undecided | Unassigned |
Bug Description
autocert can easily be configured to drop certificates into `/var/lib/
if service_crts:
    # Enable SSL termination for this frontend, using the given
    # certificates.
    bind_stanza += " ssl"
    for i, crt in enumerate(
        if crt == "DEFAULT":
        else:
    # SSLv3 is always off, since it's vulnerable to POODLE attacks
It would be helpful if I could do something like `crts: ["EXTERNAL:
In the absence of this, I guess the workaround is to arrange to get a single certificate with a Subject Alternate Name.
Another idea, perhaps have an option to specify the certificate path which HAProxy supports[1]:
"""
If a directory name is used instead of a PEM file, then all files found in
that directory will be loaded in alphabetic order unless their name ends
with '.key', '.issuer', '.ocsp' or '.sctl' (reserved extensions).
"""
[1] http://cbonte.github.io/haproxy-dconv/2.2/configuration.html#5.1-crt
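
The directory rule quoted above can be checked before a config is written. The following is an added example, not code from charm-haproxy or from the bug reporter: it lists which files in a certificate directory would be loaded and in what order, and builds a bind fragment only when at least one file qualifies. The function names, the sample file names, and the treatment of "alphabetic order" as a plain sort over regular files are assumptions.

```python
import os
import tempfile

# Extensions the quoted HAProxy documentation reserves; files ending in
# these are not loaded as certificates.
RESERVED_EXTENSIONS = (".key", ".issuer", ".ocsp", ".sctl")


def crt_dir_load_order(crt_dir):
    """Return (loaded, skipped) file names for a `crt <directory>` setting."""
    loaded, skipped = [], []
    # Assumption: "alphabetic order" is modelled as a plain sort of names.
    for name in sorted(os.listdir(crt_dir)):
        if not os.path.isfile(os.path.join(crt_dir, name)):
            continue  # assumption: only regular files are considered
        if name.endswith(RESERVED_EXTENSIONS):
            skipped.append(name)
        else:
            loaded.append(name)
    return loaded, skipped


def bind_crt_option(crt_dir):
    """Build a bind-line fragment that points HAProxy at a directory.

    Raises ValueError when no file would be loaded, so an empty or
    keys-only directory is caught when the configuration is generated.
    """
    loaded, _ = crt_dir_load_order(crt_dir)
    if not loaded:
        raise ValueError("no loadable certificate files in %s" % crt_dir)
    return " ssl crt %s" % crt_dir


def demo():
    # Constructed sample directory; the file names are made up.
    with tempfile.TemporaryDirectory() as d:
        for name in ("www.example.com.pem", "api.example.com.pem",
                     "api.example.com.pem.ocsp", "old.key"):
            with open(os.path.join(d, name), "w") as f:
                f.write("placeholder\n")
        return crt_dir_load_order(d)


if __name__ == "__main__":
    loaded, skipped = demo()
    print("loaded in order:", loaded)
    print("skipped:", skipped)
```

The first entry of the loaded list matters operationally: HAProxy presents the first loaded certificate to clients whose SNI matches none of the certificates, so file naming decides the default.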