Generate your CSR This generates a unique private key, skip this if you already have one.
sudo openssl genrsa -out etc/ssl/yourdomain.com/yourdomain.com.key 1024Next generate your CSR (Certificate Signing Request), required by GoDaddy:
sudo openssl req -new -key /etc/ssl/yourdomain.com/yourdomain.com.key \
-out /etc/ssl/yourdomain.com/yourdomain.com.csrnote: Save all of these files and make sure to keep the .key file secure.
Send this to GoDaddy In the GoDaddy certificate management flow, there is a place where you give them the CSR. To get the contents of the CSR, open the CSR file in your favorite editor or:
cat /etc/ssl/yourdomain.com/yourdomain.com.csrOnce GoDaddy verifies the signing request, they will allow you to download the certificate.
Download this file, extract, and rename the file which is a series of letters and numbers followed by a .crt extension (eg. 5a3bc0b2842be632.crt) to yourdomain.com.crt. Send these files to your server.
HaProxy requires a .pem file formatted as follows:
- Private Key (generated earlier)
- SSL Certificate (the file that will be a series of numbers and letters followed by .crt, included in the zip you downloaded from GoDaddy)
- CA-Bundle (gd_bundle-g2-g1.crt)
sudo cat yourdomain.key cat yourdomain.com.crt gd_bundle-g2-g1.crt > /etc/ssl/private/yourdomain.com.combined.pemConfigure HAProxy to use this new PEM
Example:
frontend www-https
bind *:443 ssl crt /etc/ssl/private/yourdomain.com.combined.pem
reqadd X-Forwarded-Proto:\ https
default_backend www-backend
note: The values on the bind line should be correct for most use cases, but make sure the other lines are correctly configured for yours.
Nice! Worked for me with.....
sudo openssl genrsa -out etc/ssl/yourdomain.com/yourdomain.com.key 2048
And sending the generated CSR string to GoDaddy for sign. Thank's bro!