haproxytechblog · January 8, 2022 17:22
diff --git a/blog20180524-01.cfg b/blog20180524-01.cfg
 global
    log /dev/log local0 debug
    nbproc 1
    daemon
    lua-load config.lua
    lua-load acme.lua

 defaults
    log global
    mode http
    option httplog
    timeout connect 5s
    timeout client 10s
    timeout server 10s

 listen http
    bind *:80
    http-request use-service lua.acme if { path_beg /.well-known/acme-challenge/ }

 userlist acme_users
    user acme password $5$Tmx0ttbvZB1TsL$QDbECr8B.rPvB9LWmSypDuVYwJJtReWrh.HWpmZNMaA

 listen acme
    bind 127.0.0.1:9011
    acl acme_auth http_auth(acme_users)
    http-request auth realm "HAProxy ACME auth" if !acme_auth
    http-request use-service lua.acme

 listen acme-ca
    bind 127.0.0.1:9012
    server ca acme-v02.api.letsencrypt.org:443 ssl verify required ca-file letsencrypt-x3-ca-chain.pem
    http-request set-header Host acme-v02.api.letsencrypt.org
diff --git a/blog20180524-02.lua b/blog20180524-02.lua
 config = {
    registration = {
        -- You can read TOS here: https://letsencrypt.org/repository/
        termsOfServiceAgreed = false,
        contact = {"mailto:[email protected]"}
    },

    -- ACME certificate authority configuration
    ca = {
        -- HAProxy backend/server which proxies requests to ACME server
        proxy_uri = "http://127.0.0.1:9012",
        -- ACME server URI (also returned by ACME directory listings)
        -- Use this server name in HAProxy config
        uri = "https://acme-v02.api.letsencrypt.org",
    }
 }
diff --git a/blog20180524-03.sh b/blog20180524-03.sh
 openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out account.key
 openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out example.net.key
diff --git a/blog20180524-04.sh b/blog20180524-04.sh
 curl -XPOST -u acme:acme http://127.0.0.1:9011/acme/order \
    -F '[email protected]' \
    -F 'domain=example.net' \
    -F '[email protected]' \
    -F 'aliases=www.example.net,example.com,www.example.com' \
    -o example.net.pem
	global
	log /dev/log local0 debug
	nbproc 1
	daemon
	lua-load config.lua
	lua-load acme.lua

	defaults
	log global
	mode http
	option httplog
	timeout connect 5s
	timeout client 10s
	timeout server 10s

	listen http
	bind *:80
	http-request use-service lua.acme if { path_beg /.well-known/acme-challenge/ }

	userlist acme_users
	user acme password $5$Tmx0ttbvZB1TsL$QDbECr8B.rPvB9LWmSypDuVYwJJtReWrh.HWpmZNMaA

	listen acme
	bind 127.0.0.1:9011
	acl acme_auth http_auth(acme_users)
	http-request auth realm "HAProxy ACME auth" if !acme_auth
	http-request use-service lua.acme

	listen acme-ca
	bind 127.0.0.1:9012
	server ca acme-v02.api.letsencrypt.org:443 ssl verify required ca-file letsencrypt-x3-ca-chain.pem
	http-request set-header Host acme-v02.api.letsencrypt.org
	config = {
	registration = {
	-- You can read TOS here: https://letsencrypt.org/repository/
	termsOfServiceAgreed = false,
	contact = {"mailto:[email protected]"}
	},

	-- ACME certificate authority configuration
	ca = {
	-- HAProxy backend/server which proxies requests to ACME server
	proxy_uri = "http://127.0.0.1:9012",
	-- ACME server URI (also returned by ACME directory listings)
	-- Use this server name in HAProxy config
	uri = "https://acme-v02.api.letsencrypt.org",
	}
	}
	openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out account.key
	openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out example.net.key
	curl -XPOST -u acme:acme http://127.0.0.1:9011/acme/order \
	-F '[email protected]' \
	-F 'domain=example.net' \
	-F '[email protected]' \
	-F 'aliases=www.example.net,example.com,www.example.com' \
	-o example.net.pem