Generate your CSR
This generates a unique private key; skip this step if you already have one.
# 2048 bits is the minimum RSA key size publicly trusted CAs accept
sudo openssl genrsa -out /etc/ssl/yourdomain.com/yourdomain.com.key 2048
Next generate your CSR (Certificate Signing Request), required by GoDaddy:
sudo openssl req -new -key /etc/ssl/yourdomain.com/yourdomain.com.key \
-out /etc/ssl/yourdomain.com/yourdomain.com.csr
note: Save all of these files and make sure to keep the .key file secure.
Send this to GoDaddy
In the GoDaddy certificate management flow, there is a place where you give them the CSR. To get the contents of the CSR, open the CSR file in your favorite editor or run:
cat /etc/ssl/yourdomain.com/yourdomain.com.csr
Once GoDaddy verifies the signing request, they will allow you to download the certificate.
Download this file, extract it, and rename the file whose name is a series of letters and numbers followed by a .crt extension (e.g. 5a3bc0b2842be632.crt) to yourdomain.com.crt. Send these files to your server.
HAProxy requires a .pem file formatted as follows:
- Private Key (generated earlier)
- SSL Certificate (the file that will be a series of numbers and letters followed by .crt, included in the zip you downloaded from GoDaddy)
- CA-Bundle (gd_bundle-g2-g1.crt)
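# Run from the directory holding the three files. The redirection must run as root too, hence sh -c.
sudo sh -c 'cat yourdomain.com.key yourdomain.com.crt gd_bundle-g2-g1.crt > /etc/ssl/private/yourdomain.com.combined.pem'
sudo chmod 600 /etc/ssl/private/yourdomain.com.combined.pem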
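Before pointing HAProxy at the combined file, it is worth checking that the private key in it actually matches the first certificate and that the file is not readable by other users. The following is an added example, not part of the original instructions; the function names check_combined_pem and demo_combined_pem are made up for illustration, and the demo uses a throwaway self-signed certificate rather than a GoDaddy one.

```shell
#!/bin/sh
# Added example: sanity-check a combined PEM before HAProxy loads it.
# Usage: check_combined_pem /etc/ssl/private/yourdomain.com.combined.pem

check_combined_pem() {
    pem=$1
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 2; }

    # Public key derived from the first private key found in the file.
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) || key_pub=
    # Public key of the first certificate in the file (must be the site cert,
    # not one of the CA bundle certificates).
    crt_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || crt_pub=

    [ -n "$key_pub" ] || { echo "no usable private key in $pem" >&2; return 1; }
    [ -n "$crt_pub" ] || { echo "no certificate in $pem" >&2; return 1; }
    if [ "$key_pub" != "$crt_pub" ]; then
        echo "private key does not match the first certificate" >&2
        return 1
    fi

    # Group/other permission bits are characters 5-10 of the ls mode string.
    if [ "$(ls -ld "$pem" | cut -c5-10)" != "------" ]; then
        echo "$pem is accessible to group/other; chmod 600 it" >&2
        return 1
    fi
    return 0
}

# Constructed demo: throwaway self-signed key and certificate in a temp dir.
demo_combined_pem() {
    d=$(mktemp -d) || return 2
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=yourdomain.com" \
          -keyout "$d/site.key" -out "$d/site.crt" 2>/dev/null
      cat "$d/site.key" "$d/site.crt" > "$d/combined.pem" )
    check_combined_pem "$d/combined.pem"; rc=$?
    rm -rf "$d"
    return $rc
}
```

A non-zero return means the file should be rebuilt before HAProxy is reloaded; the message on stderr says which check failed.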
Configure HAProxy to use this new PEM
Example:
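frontend www-https
    bind *:443 ssl crt /etc/ssl/private/yourdomain.com.combined.pem
    # reqadd was removed in HAProxy 2.1; http-request set-header replaces it
    # and overwrites any X-Forwarded-Proto value sent by the client
    http-request set-header X-Forwarded-Proto https
    default_backend www-backend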
note: The values on the bind line should be correct for most use cases, but make sure the other lines are correctly configured for yours.