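# just ensure that the haproxy cfg file has these settings
frontend https-cluster
    bind *:80
    bind *:443 ssl crt /etc/ssl/private
    # Route ACME HTTP-01 challenges to the local certbot listener. The ACL name must be
    # spelled identically in the acl and use_backend lines: a use_backend that references
    # an undefined ACL is rejected when HAProxy loads the configuration.
    acl letsencrypt_challenge_request path_beg /.well-known/acme-challenge
    use_backend letsencrypt_challenge_server if letsencrypt_challenge_request

backend letsencrypt_challenge_server
    server letsencrypt 127.0.0.1:3313 # port is irrelevant as long as it doesn't match one of the bind ports above and is the same as in the --http-01-port= below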
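#!/usr/bin/env bash
# --------------------------------------------------------------------------------------------
# HAProxy Automatic Certificate Issuer
# --------------------------------------------------------------------------------------------
# Automatically issues a new certificate for HAProxy installations by first creating a
# certificate with certbot without interaction. Then, copies the combined certificate and
# private key to the default directory (/etc/ssl/private)
#
# --------------------------------------------------------------------------------------------
# Author Info
# --------------------------------------------------------------------------------------------
# Name :: Tim Kennell Jr. ~ tikenn
#
# --------------------------------------------------------------------------------------------
# Config
# --------------------------------------------------------------------------------------------
#
# PRIMARY_DOMAIN_NAME :: The first domain listed after the script treated as the cert name
# $@ :: Remaining domain names added to the certificate
# CERTBOT_EMAIL :: Optional environment override for the registration e-mail given to certbot
#
# Exit status: 0 when the certificate was issued, combined and HAProxy restarted;
#              1 on a usage error, an invalid domain, a certbot failure or a file error.
#
# ~ tikenn
set -euo pipefail

# Must match the port of the letsencrypt backend server in haproxy.cfg.
readonly HTTP01_PORT=3313
# Where certbot places the issued certificate and key.
readonly LIVE_DIR=/etc/letsencrypt/live
# Directory HAProxy's "bind ... ssl crt" line points at.
readonly OUT_DIR=/etc/ssl/private
CERTBOT_EMAIL=${CERTBOT_EMAIL:-[email protected]}

# Print a message to stderr and exit with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [[ $# -lt 1 || -z $1 ]]; then
  printf '\n%s\n%s\n\n' \
    "A domain name is required as the first parameter of the script." \
    "Multiple space-separated domain names may be supplied." >&2
  exit 1
fi

readonly PRIMARY_DOMAIN_NAME=$1

# The domain names become path components under $LIVE_DIR and $OUT_DIR and are passed
# on the certbot command line, so accept only plain hostname characters.
for domain in "$@"; do
  [[ $domain =~ ^[A-Za-z0-9.-]+$ ]] || die "Invalid domain name: $domain"
done

# Build the argument list as an array so no word-splitting or globbing can alter it.
certbot_args=(certonly --standalone)
for domain in "$@"; do
  certbot_args+=(-d "$domain")
done
certbot_args+=(--non-interactive --agree-tos --email "$CERTBOT_EMAIL" "--http-01-port=$HTTP01_PORT")

if ! certbot "${certbot_args[@]}"; then
  die "Certificate could not be issued"
fi

unified=$OUT_DIR/$PRIMARY_DOMAIN_NAME.ssl-unified.pem

# Write into a temp file in the target directory and rename it into place, so HAProxy
# never reads a half-written bundle. mktemp creates the file with mode 0600, which keeps
# the private key unreadable by other users; the chmod makes that explicit.
tmp=$(mktemp -- "$OUT_DIR/.$PRIMARY_DOMAIN_NAME.XXXXXX") || die "Could not create temp file in $OUT_DIR"
trap 'rm -f -- "$tmp"' EXIT

cat -- "$LIVE_DIR/$PRIMARY_DOMAIN_NAME/fullchain.pem" \
       "$LIVE_DIR/$PRIMARY_DOMAIN_NAME/privkey.pem" > "$tmp" \
  || die "Could not combine certificate and key for $PRIMARY_DOMAIN_NAME"
chmod 600 -- "$tmp"
mv -f -- "$tmp" "$unified"
trap - EXIT

systemctl restart haproxy
exit 0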