1berry/haproxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

DOC: configuration: specify limitations of ACME for 3.2

Browse Source 
Specify the version for which the limitation applies.
This commit is contained in:
William Lallemand 2025-04-16 14:30:45 +02:00
parent 608eb3d090
commit f36f9ca21c
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
doc/configuration.txt
View File

@ -5879,12 +5879,12 @@ The ACME section allows to configure HAProxy as an ACMEv2 client. This feature
is experimental meaning that "expose-experimental-directives" must be in the
global section so this can be used.
Current limitations: The feature is limited to the HTTP-01 challenge for now.
The current HAProxy architecture is a non-blocking model, access to the disk is
not supposed to be done after the configuration is loaded, because it could
block the event loop, blocking the traffic on the same thread. Meaning that the
certificates and keys generated from HAProxy will need to be dumped from
outside HAProxy using "dump ssl cert" on the stats socket.
Current limitations as of 3.2: The feature is limited to the HTTP-01 challenge
for now. The current HAProxy architecture is a non-blocking model, access to
the disk is not supposed to be done after the configuration is loaded, because
it could block the event loop, blocking the traffic on the same thread. Meaning
that the certificates and keys generated from HAProxy will need to be dumped
from outside HAProxy using "dump ssl cert" on the stats socket.
The generation is not scheduled and must be triggered using the CLI command
"acme renew".