The frontend service config for haproxy is currently limited to a single certificate in a single file; however, haproxy supports multiple certificates, which enables reverse-proxying for more than one domain certificate.
In my current use-case, Cloudflare generates a different origin certificate for each domain, and there is no way to combine these.
Relevant reverse-proxy load-balancing configuration:

service https_app_k3s-1 {
    backend https_app_k3s-1
    listen-address ::
    listen-address 0.0.0.0
    mode http
    port 443
    ssl {
        certificate cloudflare-origin_domain_a
    }
}

Relevant generated haproxy.cfg section:

frontend https_app_k3s-1
    bind [::]:443 ssl crt /run/haproxy/cloudflare-origin_domain_a.pem
    bind 0.0.0.0:443 ssl crt /run/haproxy/cloudflare-origin_domain_a.pem
    mode http
    default_backend https_app_k3s-1

Example manually tweaked haproxy.cfg to enable multiple domains (verified as working):

frontend https_app_k3s-1
    bind [::]:443 ssl crt /run/haproxy/cloudflare-origin_domain_a.pem crt /run/haproxy/cloudflare-origin_domain_b.pem
    bind 0.0.0.0:443 ssl crt /run/haproxy/cloudflare-origin_domain_a.pem crt /run/haproxy/cloudflare-origin_domain_b.pem
    mode http
    default_backend https_app_k3s-1
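
A sketch of how the frontend section could be generated from a list of certificates, added here as an example and not taken from the project's own code. The function names, the `certificates` and `listen_addresses` keys, and the allowed-name pattern are assumptions; the paths and values mirror the report above.

```python
import ipaddress
import re

CERT_DIR = "/run/haproxy"                    # directory seen in the generated haproxy.cfg
CERT_NAME = re.compile(r"[A-Za-z0-9_.-]+")   # assumption: allowed certificate-name characters


def bind_address(addr):
    """Return addr in bind syntax; IPv6 addresses are wrapped in brackets."""
    ip = ipaddress.ip_address(addr)          # raises ValueError on a malformed address
    return f"[{ip.compressed}]" if ip.version == 6 else ip.compressed


def render_frontend(name, service):
    """Render a frontend section from a service dict (hypothetical layout)."""
    certs = service["certificates"]
    if not certs:
        raise ValueError("ssl frontend needs at least one certificate")
    for cert in certs:
        # Names end up in a file path, so refuse anything with a path separator.
        if not CERT_NAME.fullmatch(cert):
            raise ValueError(f"invalid certificate name: {cert!r}")
    # One 'crt' argument per certificate, repeated on every bind line.
    crt = " ".join(f"crt {CERT_DIR}/{cert}.pem" for cert in certs)
    lines = [f"frontend {name}"]
    for addr in service["listen_addresses"]:
        lines.append(f"    bind {bind_address(addr)}:{service['port']} ssl {crt}")
    lines.append(f"    mode {service['mode']}")
    lines.append(f"    default_backend {service['backend']}")
    return "\n".join(lines)


# Constructed input mirroring the service from the report, with two certificates.
SAMPLE = {
    "backend": "https_app_k3s-1",
    "listen_addresses": ["::", "0.0.0.0"],
    "mode": "http",
    "port": 443,
    "certificates": ["cloudflare-origin_domain_a", "cloudflare-origin_domain_b"],
}

if __name__ == "__main__":
    print(render_frontend("https_app_k3s-1", SAMPLE))
```

Certificate order matters in the generated line: haproxy presents the first loaded certificate when a client sends no SNI or an SNI that matches none of them.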