I have successfully added multiple Pritunl hosts to a Pritunl server as well as installed HAProxy for load balancing following this article: Load Balancing
After running the required load balancing commands on the primary Pritunl server and created a HAProxy config, I am able to access the Pritunl web interface via HAProxy.
The issue seems to be when I try to use the Pritunl client. When I attempt to import a Pritunl profile, I receive and error saying: Client Error: Unable to verify the first certificate.
The certificate is a public wildcard certificate configured in HAProxy and there are no certificate errors when accessing the Pritunl web server.
I am not able to determine what certificate the Pritunl client is referring to or if there was a simple step I missed.
Seems like Pritunl needs the entire SSL certificate chain in the certificate before it will accept the credentials.
The changes (in my case), had to be made in HAProxy. I had to edit my wildcard public SSL certificate that HAProxy was using and add my SSL root certificate chain to the end of the file. The end file should look something like this:
Certificates should always include the certificate chain for full browser support. Some web browsers including the electron browser included with client may not have the intermediate CAs.