Comment 3 for bug 2006986

Antoine Thys (thystips) wrote:

Hi Dmitriy,

Thanks for your response.

Variables for keepalived are already defined in my case with correct IP addresses.

So I tried with haproxy_bind_external/internal_lb_vip_address and haproxy_bind_external/internal_lb_vip_interface, but another error occurred: the certificate in the configuration is `/etc/haproxy/ssl/haproxy_node0-10.2.200.205.pem`, but the certificate file in the ssl directory is `haproxy_node0-10.2.200.200-br-mgmt.pem`.
Another problem is that the certificate is a self-signed one, not the certbot one.

This is my configuration:

###################################
haproxy_keepalived_external_vip_cidr: "10.2.200.200/24"
haproxy_keepalived_internal_vip_cidr: "10.2.200.205/24"
haproxy_keepalived_external_interface: br-mgmt
haproxy_keepalived_internal_interface: br-mgmt

haproxy_bind_external_lb_vip_address: 10.2.200.200
haproxy_bind_internal_lb_vip_address: 10.2.200.205

haproxy_bind_external_lb_vip_interface: br-mgmt
haproxy_bind_internal_lb_vip_interface: br-mgmt

# https://bugs.launchpad.net/openstack-ansible/+bug/2006938
# I deleted the --standalone argument in the task file
haproxy_ssl_letsencrypt_enable: True
haproxy_ssl_letsencrypt_install_method: "distro"
haproxy_ssl_letsencrypt_email: *****
haproxy_interval: 2000
haproxy_ssl_letsencrypt_setup_extra_params: "--dns-google --dns-google-credentials *****"
haproxy_ssl_letsencrypt_certbot_challenge: "dns-01"

haproxy_stats_enabled: true
haproxy_stats_prometheus_enabled: true
###################################

I tried with and without defining the interfaces, without effect, and changed `haproxy_tls_vip_binds`, but I have an issue when haproxy generates the pem.

EDIT:

My bad, the certbot cert is generated after the flush handlers, but the role failed at this step.