Changes are required to make HAProxy work if certfile is specified:
"certfile: (optional): Specifies the file with the certificate in the PEM format. If the certfile is not specified or is left empty, the API server will work without SSL."
There also should be considered if verify_client is set to "required", that HAProxy probably needs certificates to communicate with the Patroni REST-API for safe requests:
"verify_client: (optional): none (default), optional or required. When none REST API will not check client certificates. When required client certificates are required for all REST API calls. When optional client certificates are required for all unsafe REST API endpoints. When required is used, then client authentication succeeds if the certificate signature verification succeeds. "
Changes are required to make HAProxy work if certfile is specified: "certfile: (optional): Specifies the file with the certificate in the PEM format. If the certfile is not specified or is left empty, the API server will work without SSL."
There also should be considered if verify_client is set to "required", that HAProxy probably needs certificates to communicate with the Patroni REST-API for safe requests: "verify_client: (optional): none (default), optional or required. When none REST API will not check client certificates. When required client certificates are required for all REST API calls. When optional client certificates are required for all unsafe REST API endpoints. When required is used, then client authentication succeeds if the certificate signature verification succeeds. "