### GoDaddy SSL Certificates PEM Creation for HaProxy (Ubuntu 14.04)

#### 1 Acquire your SSL Certificate
**Generate your CSR**
This generates a unique private key, skip this if you already have one.

```bash 
sudo openssl genrsa -out  etc/ssl/yourdomain.com/yourdomain.com.key 1024
```
Next generate your CSR (Certificate Signing Request), required by GoDaddy:
```bash
sudo openssl req -new -key /etc/ssl/yourdomain.com/yourdomain.com.key \
                   -out /etc/ssl/yourdomain.com/yourdomain.com.csr
```
**note:** Save all of these files and make sure to keep the _.key_ file secure.

**Send this to GoDaddy**
In the GoDaddy certificate management flow, there is a place where you give them the CSR. To get the contents of the CSR, open the CSR file in your favorite editor or:

```bash
cat /etc/ssl/yourdomain.com/yourdomain.com.csr
```
Once GoDaddy verifies the signing request, they will allow you to download the certificate.

Download this file, extract, and rename the file which is a series of letters and numbers followed by a _.crt_ extension (eg. 5a3bc0b2842be632.crt) to _yourdomain.com.crt_. Send these files to your server.

#### 2 Create Requried PEM for HAProxy**
HaProxy requires a _.pem_ file formatted as follows:
1. Private Key (generated earlier)
2. SSL Certificate (the file that will be a series of numbers and letters followed by .crt, included in the zip you downloaded from GoDaddy)
3. CA-Bundle (gd_bundle-g2-g1.crt)

```bash
sudo cat yourdomain.key cat yourdomain.com.crt gd_bundle-g2-g1.crt > /etc/ssl/private/yourdomain.com.combined.pem
```
**Configure HAProxy to use this new PEM**

Example:

```config
frontend www-https
   bind *:443 ssl crt /etc/ssl/private/yourdomain.com.combined.pem
   reqadd X-Forwarded-Proto:\ https
   default_backend www-backend
```
**note:** The values on the bind line should be correct for most use cases, but make sure the other lines are correctly configured for yours.