Installing a TLS SSL certificate in HAProxy from Namecheap - Sectigo Limited certificate
When buying an SSL certificate from Namecheap, you generate a CSR, which generates a private key, save that for later as private.key.
After you've paid for your certificate, you recieve a zip file that looks like this:
$ ls -alh
total 52K
drwxrwxr-x 2 chris chris 4.0K Feb 23 13:26 .
drwxr-xr-x 13 chris chris 4.0K Feb 22 15:35 ..
-rw-rw-r-- 1 chris chris 5.6K Feb 22 10:30 inflex_io.ca-bundle
-rw-rw-r-- 1 chris chris 2.2K Feb 22 10:30 inflex_io.crt
-rw-rw-r-- 1 chris chris 7.5K Feb 22 10:30 inflex_io.p7b
Ignore the .p7b file, it's for Windows servers.
Extract it into a directory and put your private.key file in there.
$ cat inflex_io.crt private.key inflex_io.ca-bundle > ssl-bundle.pem
Next, open the file with your text editor and make sure there's a line separator between the ---begin ...-- things. I had to insert a newline after the first certificate.
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
....
-----END CERTIFICATE-----
This order matters. In the wrong order you will get:
unable to load certificate from file '/path/to/ssl-bundle.pem'
And you're going to pull your hair out and scream. I did.
Now in your HAProxy config, put:
bind <your ip>:443 ssl crt /path/to/ssl-bundle.pem
You're good to go.