Gist charlyie/026178b6ad5808fcac995a0e627a3493
Created September 30, 2020 07:20
HAProxy + Certbot: Let's Encrypt SSL/HTTPS certificate renewal
# Authorize port 8888 on the load balancer (HAProxy).
# In frontend :80 and frontend :443, add:
    acl letsencrypt-acl path_beg /.well-known/acme-challenge/
    use_backend letsencrypt-backend if letsencrypt-acl

# Add a new backend:
backend letsencrypt-backend
    server letsencrypt 127.0.0.1:8888

# Run it once, for the first certificate generation:
certbot certonly --standalone -d my.domain.com --non-interactive --agree-tos --email [email protected] --http-01-port=8888

# Script for auto renewal, run it through cron (0 0 15,30 * *):
#!/usr/bin/env bash

# Renew the certificate (only lineages that are due; --force-renewal is kept commented out)
#certbot-auto renew --force-renewal --http-01-port=8888
certbot-auto renew --http-01-port=8888

# Concatenate the new cert files into one PEM per domain for HAProxy (a redirect
# rather than tee, so nothing is echoed to stdout). -mindepth 1 -maxdepth 1 skips
# /etc/letsencrypt/live/ itself, which an unrestricted find also returns and which
# then fails as a bogus domain named "live". umask 077 keeps the combined file,
# which contains the private key, readable by root only.
umask 077
mkdir -p /etc/haproxy/certs
for D in $(find /etc/letsencrypt/live/ -mindepth 1 -maxdepth 1 -type d)
do
    DOMAIN=$(basename "$D")
    printf 'Processing domain %s...\n' "$DOMAIN"
    cat "/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" "/etc/letsencrypt/live/${DOMAIN}/privkey.pem" > "/etc/haproxy/certs/${DOMAIN}.pem"
done

# Reload HAProxy
/etc/init.d/haproxy reload
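A hardened variant of the concatenation step above, added here as an example and not part of the gist: it refuses to install a fullchain/privkey pair whose key does not match the certificate (a mismatched combined PEM makes HAProxy fail on reload), writes the combined file atomically with mode 0600, and reloads only when the HAProxy config still validates. It assumes `openssl` on PATH; the LIVE_DIR, CERTS_DIR and HAPROXY_CFG defaults are assumptions matching the gist's paths.

```shell
# Added example (not the gist's own code): install each renewed fullchain+privkey
# pair for HAProxy only if the key really matches the certificate, write it
# atomically with mode 0600, and reload only if the HAProxy config still validates.
# LIVE_DIR, CERTS_DIR and HAPROXY_CFG are assumed defaults matching the gist.
set -u
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"
CERTS_DIR="${CERTS_DIR:-/etc/haproxy/certs}"
HAPROXY_CFG="${HAPROXY_CFG:-/etc/haproxy/haproxy.cfg}"
# 0 when the certificate's public key equals the one derived from the private key
# (RSA and EC alike, since both are compared as SubjectPublicKeyInfo PEM).
cert_matches_key() {
    local cert="$1" key="$2" cert_pub key_pub
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Build <dest_dir>/<domain>.pem (fullchain, then key). The temp file is created
# with mode 0600 and renamed over the target, so HAProxy never reads a half-written
# PEM and the private key is never world-readable. Returns 1 on a key mismatch.
install_combined_pem() {
    local domain_dir="$1" dest_dir="$2" domain cert key tmp
    domain=$(basename "$domain_dir")
    cert="$domain_dir/fullchain.pem"; key="$domain_dir/privkey.pem"
    if ! cert_matches_key "$cert" "$key"; then
        echo "skipping $domain: privkey.pem does not match fullchain.pem" >&2
        return 1
    fi
    tmp=$(mktemp "$dest_dir/.${domain}.XXXXXX") || return 1
    chmod 0600 "$tmp"
    cat "$cert" "$key" > "$tmp" && mv -f "$tmp" "$dest_dir/${domain}.pem"
}

# Install every lineage directory under <live> and print how many were installed.
# The */ glob matches only directories, so live/README and live/ itself are skipped.
install_all() {
    local live="$1" dest="$2" count=0 d
    mkdir -p "$dest"
    for d in "$live"/*/; do
        [ -d "$d" ] || continue
        install_combined_pem "${d%/}" "$dest" && count=$((count + 1))
    done
    echo "$count"
}

# Reload HAProxy only when something was installed and the config still parses.
renew_and_reload() {
    local installed
    installed=$(install_all "$LIVE_DIR" "$CERTS_DIR")
    [ "$installed" -gt 0 ] && haproxy -c -f "$HAPROXY_CFG" >/dev/null 2>&1 && /etc/init.d/haproxy reload
}
```

Call `renew_and_reload` from the cron script right after the `certbot-auto renew` step in place of the loop and unconditional reload.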