Example config haproxy ssl with let's encrypt global maxconn 2048 tune.ssl.default-dh-param 2048 defaults option forwardfor option http-server-close frontend www-http bind xxx.xxx.xxx.xxx:80 reqadd X-Forwarded-Proto:\ http default_backend servers frontend www-https bind xxx.xxx.xxx.xxx:443 ssl crt /etc/haproxy/certs/example.com.pem reqadd X-Forwarded-Proto:\ https acl letsencrypt-acl path_beg /.well-known/acme-challenge/ use_backend letsencrypt-backend if letsencrypt-acl default_backend servers backend servers redirect scheme https if !{ ssl_fc } server webserver1 xxx.xxx.xxx.xxx:xxxx check server webserver2 xxx.xxx.xxx.xxx:xxxx check backend letsencrypt-backend server letsencrypt 127.0.0.1:54321 Check config file haproxy -f /etc/haproxy/haproxy.cfg -c