# Request a certificate through certbot's standalone HTTP-01 responder, which
# sits behind HAProxy rather than on port 80 itself.
#
# --dry-run          test against the ACME staging environment; no certificate
#                    is saved. Remove this flag once the test run succeeds.
# --run-deploy-hooks also run the deploy hook during the dry run, so the hook
#                    script is exercised before a real issuance.
#                    NOTE(review): certbot documents that the hook then sees the
#                    currently active certificate, not the test one - confirm it
#                    behaves as expected when no certificate exists yet.
# --deploy-hook      script run after a successful issuance/renewal; here it
#                    builds the combined .pem for HAProxy and reloads it.
# --http-01-port     local port the standalone responder listens on; it must
#                    match the address of the HAProxy backend that receives
#                    /.well-known/acme-challenge/ requests (127.0.0.1:54321).
# -d ...             placeholder: replace with the domain name(s) to request.
certbot certonly \
--dry-run \
--agree-tos \
--run-deploy-hooks \
--deploy-hook /path/to/letsencrypt_haproxy_hook.sh \
--standalone \
--preferred-challenges http-01 \
--http-01-port 54321 \
-d ...
Last active
September 8, 2023 19:18
HAProxy + Letsencrypt
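# Public frontend: forwards ACME HTTP-01 challenge requests to the local
# certbot standalone responder and everything else to the normal backend.
frontend fe
    bind *:80
    # Enable after successful certificate issue.
    # The .pem referenced here is the certificate chain and the private key
    # concatenated by the deploy hook, so it must stay readable only by root
    # and the haproxy service.
    # bind *:443 ssl crt /etc/ssl/private/<domain>.pem
    acl letsencrypt-acl path_beg /.well-known/acme-challenge/
    use_backend le if letsencrypt-acl
    # NOTE: backend "proxy" is not defined in this snippet; it has to exist
    # elsewhere in the configuration.
    default_backend proxy

# Local certbot standalone listener. The port must match certbot's
# --http-01-port. 54321 is an unprivileged port and certbot only listens on it
# while a challenge is in progress, so make sure no other service on the host
# is configured to bind it.
backend le
    server letcencrypt 127.0.0.1:54321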
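#!/bin/sh
#
# Original author: Olivier M. (@gqdc)
# Source: https://github.com/gqdc/certbot-haproxy-hooks
#
# Certbot deploy hook for HAProxy.
#
# For every domain in RENEWED_DOMAINS, concatenates fullchain.pem and
# privkey.pem from RENEWED_LINEAGE into $CRT_FOLDER/<domain>.pem (the combined
# format HAProxy's "crt" option loads), then reloads HAProxy.
#
# Environment (set by certbot when it runs a deploy hook):
#   RENEWED_LINEAGE  directory holding the renewed certificate files
#   RENEWED_DOMAINS  space-separated list of renewed domain names
#
# Exit status: non-zero if a variable is missing, a file cannot be written,
# or the HAProxy reload fails.

set -eu

# The output file contains the private key: create it owner-only instead of
# relying on the inherited umask or on the directory's permissions alone.
umask 077

# Domain names may be wildcards ("*.example.com"); disable pathname expansion
# so the unquoted word-splitting below can never glob against the filesystem.
set -f

CRT_FOLDER="/etc/ssl/private"

: "${RENEWED_LINEAGE:?RENEWED_LINEAGE is not set (run this as a certbot deploy hook)}"
: "${RENEWED_DOMAINS:?RENEWED_DOMAINS is not set (run this as a certbot deploy hook)}"

# Fail hard if the lineage directory is missing; otherwise cat would read
# whatever fullchain.pem/privkey.pem happen to sit in the current directory.
cd -- "$RENEWED_LINEAGE" || exit 1

tmp=""
cleanup() {
  [ -z "$tmp" ] || rm -f -- "$tmp"
}
trap cleanup EXIT

IFS=' '
# shellcheck disable=SC2086 -- splitting the space-separated list is intended
for domain in $RENEWED_DOMAINS; do
  # Defense in depth: the name becomes a file name, so refuse path separators.
  case "$domain" in
    */*)
      printf 'refusing unexpected domain name: %s\n' "$domain" >&2
      exit 1
      ;;
  esac

  # Write to a temporary file in the same directory and rename it into place,
  # so a failed or partial write never replaces the certificate HAProxy uses.
  tmp=$(mktemp "$CRT_FOLDER/.$domain.pem.XXXXXX")
  cat fullchain.pem privkey.pem > "$tmp"
  mv -f -- "$tmp" "$CRT_FOLDER/$domain.pem"
  tmp=""
done

systemctl reload haproxy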