# Let ACME challenge requests through the load balancer (HAProxy) to local port 8888
# In both the port-80 and port-443 frontends, add:
    # Match ACME HTTP-01 validation requests by their URL path prefix.
    acl letsencrypt-acl path_beg /.well-known/acme-challenge/
    # Route only the matching requests to the certbot backend.
    use_backend letsencrypt-backend if letsencrypt-acl

# Add a new backend :
# Forwards challenge requests to a listener on the loopback address, port 8888
# (the same port the certbot commands in these notes pass via --http-01-port).
backend letsencrypt-backend
    server letsencrypt 127.0.0.1:8888

# Run it once, for the first certificate generation.
# --standalone makes certbot start its own temporary web server for the HTTP-01 challenge;
# --http-01-port=8888 puts that server on the port the HAProxy backend forwards to.
# HAProxy reaches that port over 127.0.0.1, so 8888 does not need to be opened on the external firewall.
# my.domain.com and your@email.com are placeholders: replace them with real values.
certbot certonly --standalone -d my.domain.com --non-interactive --agree-tos --email your@email.com --http-01-port=8888

# Script for automatic renewal; run it from cron (0 0 15,30 * *):
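#!/usr/bin/env bash
#
# Renew Let's Encrypt certificates, rebuild the combined PEM files HAProxy
# loads (certificate chain followed by private key), then reload HAProxy.
#
# Exit status: 0 when every step succeeded, 1 when the renewal, any PEM
# rebuild or the reload failed (so cron can report it).
set -u

readonly LIVE_DIR=/etc/letsencrypt/live
readonly HAPROXY_CERT_DIR=/etc/haproxy/certs

status=0

# Renew the certificate.
# --force-renewal is left disabled: it would re-issue on every run regardless
# of expiry, which needlessly consumes the CA's issuance rate limits.
#certbot-auto renew --force-renewal --http-01-port=8888
# NOTE(review): the first issuance in these notes uses `certbot`; confirm
# that certbot-auto is the binary actually installed on this host.
if ! certbot-auto renew --http-01-port=8888; then
  printf 'certbot-auto renew failed\n' >&2
  status=1
fi

# Concatenate the new cert files, one combined PEM per certificate lineage.
# Globbing the immediate subdirectories skips LIVE_DIR itself, so no empty
# "live.pem" ends up in the HAProxy certificate directory.
for dir in "$LIVE_DIR"/*/; do
  dir=${dir%/}
  domain=${dir##*/}

  # Also covers the case where the glob matched nothing.
  if [[ ! -r "$dir/fullchain.pem" || ! -r "$dir/privkey.pem" ]]; then
    continue
  fi

  printf 'Processing domain %s...\n' "$domain"

  # Build the file under a temporary name in the same directory and rename
  # it into place, so HAProxy never sees a half-written PEM. mktemp creates
  # the file with mode 0600, which matters because it holds the private key.
  # NOTE(review): assumes HAProxy reads its certificates as root before
  # dropping privileges; confirm before relying on owner-only permissions.
  tmp=$(mktemp "$HAPROXY_CERT_DIR/.${domain}.pem.XXXXXX") || {
    printf 'cannot create temporary file for %s\n' "$domain" >&2
    status=1
    continue
  }
  if cat -- "$dir/fullchain.pem" "$dir/privkey.pem" > "$tmp" \
    && chmod 600 -- "$tmp" \
    && mv -f -- "$tmp" "$HAPROXY_CERT_DIR/$domain.pem"; then
    :
  else
    printf 'failed to build %s/%s.pem\n' "$HAPROXY_CERT_DIR" "$domain" >&2
    rm -f -- "$tmp"
    status=1
  fi
done

# Reload HAProxy. A failed rebuild above leaves the previous PEM in place,
# so reloading is still safe.
if ! /etc/init.d/haproxy reload; then
  printf 'haproxy reload failed\n' >&2
  status=1
fi

exit "$status"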