Last active
January 5, 2016 10:01
erkiesken/d458d4cb84396ec1fcdb
haproxy letsencrypt automation
From article: https://blog.brixit.nl/automating-letsencrypt-and-haproxy
```
# Renew certificates on the first day of every month at a random time
42 0 1 * * /opt/letsencrypt-haproxy my-domain.com
37 13 1 * * /opt/letsencrypt-haproxy my-other-domain.com
```
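```bash
#!/bin/bash
# Abort on the first error so a failed renewal never reaches the cat/reload steps
set -euo pipefail
: "${1:?usage: $0 domain [domain...]}"
# The combined file contains the private key: new files are created owner-only
umask 077
# Path to the letsencrypt-auto tool
LE_TOOL=/opt/letsencrypt/letsencrypt-auto
# Directory where the acme client puts the generated certs
LE_OUTPUT=/etc/letsencrypt/live
# Pass one -d flag per domain; the first domain names the certificate directory
DOMAIN_ARGS=()
for domain in "$@"; do DOMAIN_ARGS+=(-d "$domain"); done
# Create or renew certificate for the domain(s) supplied for this tool
"$LE_TOOL" --agree-tos --renew-by-default --standalone --standalone-supported-challenges http-01 --http-01-port 9999 certonly "${DOMAIN_ARGS[@]}"
# Cat the certificate chain and the private key together for haproxy
cat "$LE_OUTPUT/$1"/{fullchain.pem,privkey.pem} > "/etc/haproxy/ssl/${1}.pem"
# Reload the haproxy daemon to activate the cert
systemctl reload haproxy
```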
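The `cat ... > /etc/haproxy/ssl/${1}.pem` step truncates the live file before `cat` runs, so a missing input leaves haproxy with a broken certificate on the next reload. The following is an added example, not part of the original gist: `install_combined_pem` is a hypothetical helper that builds the combined file in a temporary file and only renames it into place once both PEM blocks are present.

```shell
# install_combined_pem SRC_DIR OUT_FILE   (hypothetical helper, not from the gist)
# Builds OUT_FILE from SRC_DIR/fullchain.pem and SRC_DIR/privkey.pem without ever
# leaving a truncated or group/world-readable file at OUT_FILE.
install_combined_pem() {
    local src_dir=$1 out_file=$2 tmp
    # Temp file lives in the destination directory so the final mv is an
    # atomic rename on the same filesystem.
    tmp=$(mktemp "$(dirname "$out_file")/.pem.XXXXXX") || return 1
    # mktemp already creates the file owner-only; make that explicit because
    # the file is about to hold the private key.
    chmod 600 "$tmp"
    # If either input is missing, discard the partial result and keep the old cert.
    if ! cat "$src_dir/fullchain.pem" "$src_dir/privkey.pem" > "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    # Refuse to install unless both a certificate and a private key are present.
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$tmp" ||
       ! grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    # Replace the live file in one step; it keeps the temp file's 0600 mode.
    mv -f "$tmp" "$out_file"
}
```

In the script it would replace the `cat` line, for example `install_combined_pem "$LE_OUTPUT/$1" "/etc/haproxy/ssl/${1}.pem"`, with the reload running only if it returns success.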