Unexpected 500 on /services/haproxy/runtime/ssl_certs when resource already exists #400

@mpenny-github

Expected behaviour

Per https://www.haproxy.com/documentation/dataplaneapi/community/?v=v3#post-/services/haproxy/runtime/ssl_certs, POST /services/haproxy/runtime/ssl_certs should return a 409 if "the specified resource already exists".

Actual behavior

Returns a 500 instead:

```
curl -s --unix-socket "/data/run/dataplaneapi.sock" "http://localhost/v3/services/haproxy/runtime/ssl_certs" -v
*   Trying /data/run/dataplaneapi.sock:0...
* Connected to localhost (/data/run/dataplaneapi.sock) port 80 (#0)
> GET /v3/services/haproxy/runtime/ssl_certs HTTP/1.1
> Host: localhost
> User-Agent: curl/7.86.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Configuration-Version: 1
< Content-Type: application/json
< Vary: Origin
< Date: Fri, 23 Jan 2026 13:40:44 GMT
< Content-Length: 1381
< 
{ [1381 bytes data]
* Connection #0 to host localhost left intact
[{"description":"example.com","storage_name":"/data/haproxy/ssl/example.com"}]
curl -s --unix-socket "/data/run/dataplaneapi.sock" "http://localhost/v3/services/haproxy/runtime/ssl_certs" -X POST -F "file_upload=@/data/haproxy/ssl/example.com" -v
*   Trying /data/run/dataplaneapi.sock:0...
* Connected to localhost (/data/run/dataplaneapi.sock) port 80 (#0)
> POST /v3/services/haproxy/runtime/ssl_certs HTTP/1.1
> Host: localhost
> User-Agent: curl/7.86.0
> Accept: */*
> Content-Length: 3480
> Content-Type: multipart/form-data; boundary=------------------------914ee16b89929b78
> 
} [3480 bytes data]
* We are completely uploaded and fine
* Mark bundle as not supporting multiuse
< HTTP/1.1 500 Internal Server Error
< Configuration-Version: 1
< Content-Type: application/json
< Vary: Origin
< Date: Fri, 23 Jan 2026 13:40:20 GMT
< Content-Length: 153
< 
{ [153 bytes data]
* Connection #0 to host localhost left intact
{"code":500,"message":"/tmp/admin.sock [3]  Certificate 'example.com' already exists! [new ssl cert example.com] general error"}
```

Additional information

haproxy.cfg:

```
global
  stats socket /tmp/admin.sock mode 600 level admin

defaults www_defaults
  mode http

userlist haproxy-dataplaneapi

resolvers docker
  nameserver dnsmasq 127.0.0.11:53

frontend www from www_defaults
  bind *:8888
  bind *:8443 ssl crt /data/haproxy/ssl/

  http-request set-var(txn.path_config) path,map_reg(opt@/data/haproxy/maps/path_percentage_routing.map)
  http-request set-var(txn.backend_key) var(txn.path_config),field(2,|)
  acl has_dynamic_backend var(txn.backend_key) -m found

  use_backend %[var(txn.backend_key)] if has_dynamic_backend

  default_backend legacy

backend legacy from www_defaults
  server app app:8001 check resolvers docker resolve-prefer ipv4

backend backend1 from www_defaults
  http-request return status 200 content-type "text/plain" lf-string "200 OK" hdr "X-Backend" "backend1"

backend backend2 from www_defaults
  http-request return status 200 content-type "text/plain" lf-string "200 OK" hdr "X-Backend" "backend2"
```

dataplaneapi.yaml:

```yaml
config_version: 2
name: 40a1dac72c2f
dataplaneapi:
  show_system_info: true
  socket_path: /data/run/dataplaneapi.sock
  host: 127.0.0.1
  disable_inotify: true
  advertised:
    api_address: ""
    api_port: 0
  scheme:
  - unix
  userlist:
    userlist: controller
    userlist_file: ""
  transaction:
    transaction_dir: /data/dataplaneapi/transactions
    backups_number: 10
    backups_dir: /data/dataplaneapi/backups
    max_open_transactions: 10
  resources:
    maps_dir: /data/haproxy/maps
    ssl_certs_dir: /data/haproxy/ssl
    general_storage_dir: /data/dataplaneapi/general
    dataplane_storage_dir: /data/dataplaneapi/dataplane
    spoe_dir: /data/dataplaneapi/spoe
haproxy:
  config_file: /data/haproxy/haproxy.cfg
  haproxy_bin: /usr/sbin/haproxy
  reload:
    reload_delay: 5
    service_name: /run/service/haproxy
    reload_strategy: s6
log_targets:
- log_to: stdout
  log_level: debug
  log_format: text
  log_types:
  - app
  - access
```
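
A client-side workaround for the behaviour reported above, as an added example that is not part of the original issue or of the Data Plane API project's code: a provisioning script can map the 500 whose message says the certificate already exists onto the documented 409, so that only genuine server errors fail the run. The function names `effective_status` and `post_cert` are hypothetical; the socket path, URL and form field are the ones in the report, and the message pattern is taken from the response body shown there.

```shell
#!/bin/sh
# Added example; function names are hypothetical, socket path and URL come from the report.
SOCK="/data/run/dataplaneapi.sock"
URL="http://localhost/v3/services/haproxy/runtime/ssl_certs"

# Map the observed response onto the documented status.
# $1 = HTTP status code, $2 = response body.
effective_status() {
  es_status=$1
  es_body=$2
  if [ "$es_status" = "500" ] &&
     printf '%s' "$es_body" | grep -Eq "Certificate '[^']+' already exists!"; then
    echo 409   # duplicate resource reported as an internal error
  else
    echo "$es_status"
  fi
}

# Upload a certificate; return 0 when a certificate with that name is loaded
# afterwards (created now or already present), 1 on any other result.
# $1 = path to the PEM file.
post_cert() {
  pc_out=$(mktemp) || return 1
  pc_code=$(curl -s --unix-socket "$SOCK" "$URL" -X POST \
      -F "file_upload=@$1" -o "$pc_out" -w '%{http_code}') || pc_code=000
  pc_body=$(cat "$pc_out")
  rm -f "$pc_out"
  case "$(effective_status "$pc_code" "$pc_body")" in
    2??|409) return 0 ;;
    *) printf 'upload of %s failed: %s %s\n' "$1" "$pc_code" "$pc_body" >&2
       return 1 ;;
  esac
}
```

A mapped 409 only says that a certificate with that name is already loaded, not that its contents match the uploaded file, so a rotation job should still compare or replace the certificate rather than treat this as proof the new one is in use.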
