diff --git a/TLS-ALPN-without-downtime.md b/TLS-ALPN-without-downtime.md index 84db25a..e3ed533 100644 --- a/TLS-ALPN-without-downtime.md +++ b/TLS-ALPN-without-downtime.md @@ -12,7 +12,7 @@ This article outlines some ways it is possible to configure webservers to work t |-----------|--------|---------| | Apache httpd | Not yet possible | - | | nginx | Supported | Requires [ngx_stream_ssl_preread_module](http://nginx.org/en/docs/stream/ngx_stream_ssl_preread_module.html) to be compiled. e.g. on Ubuntu 18.04, included in the `nginx-full` package. | -| haproxy | Not yet possible | - +| haproxy | haproxy>=1.9.1 | - ## Instructions 
@@ -80,3 +80,54 @@ stream { 5\. Try to issue a certificate (substituting `example.org` for the domain you want on your certificate). $ sudo acme.sh --issue --alpn --tlsport 10443 -d example.org + +### haproxy + +With haproxy, what we have to do is run an ALPN load balancer frontend in TCP mode on port 443, and re-assign all HTTPS frontends to an alternate port. + +When a TLS-ALPN connection for ACME comes in, it will be routed to acme.sh, otherwise, the connection is forwarded to the normal HTTPS frontend. + +1\. Verify that haproxy is at least version 1.9.1: + + $ haproxy -v + HA-Proxy version 1.9.2 2019/01/16 - https://haproxy.org/ + +2\. In the haproxy configuration, as well as re-assigning your existing HTTPS frontend to port 8443, you will need to add: + + 1. `fe_alpn` - a TCP frontend on 443 to load balance ALPN + 2. `bk_acmesh` - A backend to send requests to acme.sh + 3. `bk_https` - A backend to send requests to your regular HTTPS frontend + +```haproxy +# New +frontend fe_alpn + mode tcp + bind :443 + tcp-request inspect-delay 5s + tcp-request content accept if { req_ssl_hello_type 1 } + use_backend bk_acmesh if { req.ssl_alpn acme-tls/1 } + default_backend bk_https + +# New +backend bk_acmesh + server acmesh 127.0.0.1:10443 + +# New +backend bk_https + server https 127.0.0.1:8443 + +# Existing, changed from 80 -> 8443 +frontend fe_https + mode http + bind :8443 ssl crt /etc/ssl/haproxy.pem + # ... +``` + +3\. Make sure the configuration works and reload: + + $ sudo haproxy -c -f /etc/haproxy.cfg + $ sudo systemctl reload haproxy + +4\. Try to issue a certificate (substituting `example.org` for the domain you want on your certificate). + + $ sudo acme.sh --issue --alpn --tlsport 10443 -d example.org \ No newline at end of file
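Review bot: in the first hunk the new haproxy row leaves the Notes cell as `-` while stating `haproxy>=1.9.1` in the Status column; the other supported row (nginx) documents what the support depends on, so this row should name the requirement the version floor comes from (the `req.ssl_alpn` fetch used in the new `fe_alpn` frontend) and, like the other rows, close with a trailing `|` so the table renders consistently.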
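Review bot: in the second hunk the comment `# Existing, changed from 80 -> 8443` contradicts the surrounding text, which says the existing HTTPS frontend is being moved off 443 so that `fe_alpn` can take `bind :443`; it should read `changed from 443 -> 8443`. Two operational points in the same block are worth a sentence in the instructions: `fe_https` now does `bind :8443` on all interfaces, so the relocated HTTPS frontend stays reachable directly, bypassing `fe_alpn` (binding `127.0.0.1:8443` to match `server https 127.0.0.1:8443` avoids that), and because `bk_https` proxies in TCP mode, `fe_https` will log and see `127.0.0.1` as the client address unless the backend server gets `send-proxy` and the bind gets `accept-proxy`.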