From: William Lallemand <wlallemand@haproxy.com>
Date: Thu, 20 Nov 2025 11:44:54 +0000 (+0100)
Subject: DOC: acme: configuring acme needs a crt file
X-Git-Tag: v3.3-dev14~22
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d6e3e5b3a647f6f1b75293193e4583ab3e6a7106;p=thirdparty%2Fhaproxy.git

DOC: acme: configuring acme needs a crt file

Configuring acme in 3.2 needs a certificate on the disk.

To be backported to 3.2
---

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 12ae3f90d..9db057d70 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -31033,6 +31033,9 @@ Current limitations as of 3.2:
 - The feature is limited to the HTTP-01 or DNS-01 challenges for now. HTTP-01
   is completely handled by HAProxy, but DNS-01 needs either the dataplaneAPI or
   another 3rd party tool to talk to a DNS provider API.
+- Configuring acme needs a configuration with a crt, it's currently not
+  possible to start without this crt on the disk, a key-pair must already exist
+  to start haproxy. It is recommanded to use an expired certificate for that.
 - The current HAProxy architecture is a non-blocking model, access to the disk
   is not supposed to be done after the configuration is loaded, because it
   could block the event loop, blocking the traffic on the same thread. Meaning