Unexpected 500 on /services/haproxy/runtime/ssl_certs when resource already exists#400
Description
Expected behaviour
Per https://www.haproxy.com/documentation/dataplaneapi/community/?v=v3#post-/services/haproxy/runtime/ssl_certspost /services/haproxy/runtime/ssl_certs should return a 409 if "the specified resource already exists".
Actual behavior
Returns a 500 instead:
curl -s --unix-socket "/data/run/dataplaneapi.sock" "http://localhost/v3/services/haproxy/runtime/ssl_certs" -v' * Trying /data/run/dataplaneapi.sock:0... * Connected to localhost (/data/run/dataplaneapi.sock) port 80 (#0) > GET /v3/services/haproxy/runtime/ssl_certs HTTP/1.1 > Host: localhost > User-Agent: curl/7.86.0 > Accept: */* > * Mark bundle as not supporting multiuse < HTTP/1.1 200 OK < Configuration-Version: 1 < Content-Type: application/json < Vary: Origin < Date: Fri, 23 Jan 2026 13:40:44 GMT < Content-Length: 1381 <{[1381 bytes data] * Connection #0 to host localhost left intact [{"description":"example.com","storage_name":"/data/haproxy/ssl/example.com"}] curl -s --unix-socket "/data/run/dataplaneapi.sock" "http://localhost/v3/services/haproxy/runtime/ssl_certs" -X POST -F "file_upload=@/data/haproxy/ssl/example.com" -v' * Trying /data/run/dataplaneapi.sock:0... * Connected to localhost (/data/run/dataplaneapi.sock) port 80 (#0) > POST /v3/services/haproxy/runtime/ssl_certs HTTP/1.1 > Host: localhost > User-Agent: curl/7.86.0 > Accept: */* > Content-Length: 3480 > Content-Type: multipart/form-data; boundary=------------------------914ee16b89929b78 >} [3480 bytes data] * We are completely uploaded and fine * Mark bundle as not supporting multiuse < HTTP/1.1 500 Internal Server Error < Configuration-Version: 1 < Content-Type: application/json < Vary: Origin < Date: Fri, 23 Jan 2026 13:40:20 GMT < Content-Length: 153 <{[153 bytes data] * Connection #0 to host localhost left intact{"code":500,"message":"/tmp/admin.sock [3] Certificate 'example.com' already exists! [new ssl cert example.com] general error"} Additional information
haproxy.cfg:
global stats socket /tmp/admin.sock mode 600 level admin defaults www_defaults mode http userlist haproxy-dataplaneapi resolvers docker nameserver dnsmasq 127.0.0.11:53 frontend www from www_defaults bind *:8888 bind *:8443 ssl crt /data/haproxy/ssl/ http-request set-var(txn.path_config) path,map_reg(opt@/data/haproxy/maps/path_percentage_routing.map) http-request set-var(txn.backend_key) var(txn.path_config),field(2,|) acl has_dynamic_backend var(txn.backend_key) -m found use_backend %[var(txn.backend_key)] if has_dynamic_backend default_backend legacy backend legacy from www_defaults server app app:8001 check resolvers docker resolve-prefer ipv4 backend backend1 from www_defaults http-request return status 200 content-type "text/plain" lf-string "200 OK" hdr "X-Backend" "backend1" backend backend2 from www_defaults http-request return status 200 content-type "text/plain" lf-string "200 OK" hdr "X-Backend" "backend2" dataplaneapi.yaml:
config_version: 2 name: 40a1dac72c2f dataplaneapi: show_system_info: true socket_path: /data/run/dataplaneapi.sock host: 127.0.0.1 disable_inotify: true advertised: api_address: "" api_port: 0 scheme: - unix userlist: userlist: controller userlist_file: "" transaction: transaction_dir: /data/dataplaneapi/transactions backups_number: 10 backups_dir: /data/dataplaneapi/backups max_open_transactions: 10 resources: maps_dir: /data/haproxy/maps ssl_certs_dir: /data/haproxy/ssl general_storage_dir: /data/dataplaneapi/general dataplane_storage_dir: /data/dataplaneapi/dataplane spoe_dir: /data/dataplaneapi/spoe haproxy: config_file: /data/haproxy/haproxy.cfg haproxy_bin: /usr/sbin/haproxy reload: reload_delay: 5 service_name: /run/service/haproxy reload_strategy: s6 log_targets: - log_to: stdout log_level: debug log_format: text log_types: - app - access