A hotfix for the certificate not working is to change `dest` for `Create new pem file for haproxy` in (haproxy_server role, usually in /etc/ansible/roles/haproxy_server)/tasks/haproxy_ssl_letsencrypt.yml to `"{{ haproxy_ssl_cert_path }}/haproxy_{{ ansible_facts['hostname'] }}-{{ haproxy_bind_external_lb_vip_address }}.pem"`
And then of course run `openstack-ansible /opt/openstack-ansible/playbooks/haproxy-install.yml`
Note that this hotfix will overwrite the self-signed and automatically generated certificate originally stored there.
The final Let's Encrypt certificate chain is copied to /etc/ssl/private (see https:/ /opendev. org/openstack/ openstack- ansible- haproxy_ server/ src/branch/ master/ tasks/haproxy_ ssl_letsencrypt .yml#L106), a directory no longer being used as it was replaced by /etc/haproxy/ssl.
A hotfix for the certificate not working is to change `dest` for `Create new pem file for haproxy` in (haproxy_server role, usually in /etc/ansible/ roles/haproxy_ server) /tasks/ haproxy_ ssl_letsencrypt .yml to `"{{ haproxy_ ssl_cert_ path }}/haproxy_{{ ansible_ facts[' hostname' ] }}-{{ haproxy_ bind_external_ lb_vip_ address }}.pem"` ansible/ playbooks/ haproxy- install. yml`
And then of course run `openstack-ansible /opt/openstack-
Note that this hotfix will overwrite the self-signed and automatically generated certificate originally stored there.