Let's Encrypt renewal with haproxy
# TLS-terminating frontend: accepts HTTPS on 10.0.0.1:443 and routes each
# request to a backend chosen by its Host header.
# The key bit is the 'bind' statement in the frontend
frontend https-in
# match the filename here to your $HAPCERTFILE
# The renewal script builds this file from fullchain.pem followed by
# privkey.pem, so it contains the private key: keep it readable by root only.
bind 10.0.0.1:443 ssl crt /etc/haproxy/certs/combined.pem
# Tells the backends that the client connection was HTTPS.
# NOTE(review): 'reqadd' appends a header and leaves any X-Forwarded-Proto the
# client sent in place, so a backend may see a client-chosen value first;
# 'http-request set-header X-Forwarded-Proto https' overwrites it instead.
# 'reqadd' was also removed in HAProxy 2.1.
reqadd X-Forwarded-Proto:\ https
# acl, use_backend, and other statements...
# Case-insensitive (-i) match on the Host header, one ACL per site.
acl srv_host_1 hdr(host) -i mydomain.com
acl srv_host_2 hdr(host) -i myotherdomain.com
# Requests matching neither ACL get no backend from these lines; no
# default_backend is shown here.
use_backend backend_1 if srv_host_1
use_backend backend_2 if srv_host_2
# Backend on the same host, plain HTTP over loopback; 'check' enables health checks.
backend backend_1
server local 127.0.0.1:8080 check
# Backend reached by hostname on port 80, i.e. plain HTTP after TLS has been
# terminated above.
# NOTE(review): confirm the path to www1.myservers.com is a trusted network,
# otherwise this hop is unencrypted.
backend backend_2
server www1 www1.myservers.com:80 check
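#!/bin/sh
# Renew Let's Encrypt certificates with certbot-auto, then rebuild the combined
# PEM (full chain + private key) that haproxy loads through 'bind ... ssl crt'.
#
# Run as root (e.g. from cron): the script stops and starts services and reads
# the private key. Exit status is 0 on success and 1 when the renewal or the
# rebuild of the combined file failed; the services are restarted either way.
#
# NOTE(review): certbot-auto is no longer maintained upstream; consider moving
# to a packaged certbot.

PATH=/sbin:/usr/sbin:/usr/local/bin/:/bin:/usr/bin
TODAY=$(/bin/date +"%Y%m%d")

# Everything written below contains the private key, so new files must not be
# readable by group or others.
umask 077

# Customize these:
SITENAME=mydomain.com
HAPCERTPATH=/etc/haproxy/certs
HAPCERTNAME=combined.pem
CERTBOTCMD=/usr/local/bin/certbot-auto
LECERTPATH=/etc/letsencrypt/live/$SITENAME

# Full path of the file named on haproxy's 'bind ... crt' line
HAPCERTFILE=$HAPCERTPATH/$HAPCERTNAME

# Bring both services back up (same order as they were started originally).
start_services() {
  service nginx start
  service haproxy start
}

# Back up the current combined PEM and replace it with a fresh one.
# Returns 0 on success, 1 if an input is missing or a write failed; on failure
# the existing combined PEM is left as it was.
build_combined_pem() {
  # An empty or missing input would otherwise produce a file haproxy cannot load.
  if [ ! -s "$LECERTPATH/fullchain.pem" ] || [ ! -s "$LECERTPATH/privkey.pem" ]; then
    echo "missing or empty fullchain.pem/privkey.pem in $LECERTPATH" >&2
    return 1
  fi

  # Keep one dated copy of the previous file; a backup already made today is
  # left untouched. Each backup holds a private key, so prune old ones and
  # check the mode of any created before the umask above was in place.
  if [ -f "$HAPCERTFILE" ] && [ ! -e "$HAPCERTFILE.$TODAY" ]; then
    cp -- "$HAPCERTFILE" "$HAPCERTFILE.$TODAY" || return 1
  fi

  # Write next to the target and rename into place, so haproxy never sees a
  # truncated or half-written file. mktemp creates the file with mode 0600.
  tmpfile=$(mktemp "$HAPCERTFILE.XXXXXX") || return 1
  if cat -- "$LECERTPATH/fullchain.pem" "$LECERTPATH/privkey.pem" > "$tmpfile" \
    && mv -f -- "$tmpfile" "$HAPCERTFILE"; then
    return 0
  fi
  rm -f -- "$tmpfile"
  return 1
}

status=0

# Restart the services on every exit path, including interruption, so a failed
# or aborted run does not leave the site down.
trap start_services EXIT
trap 'exit 1' HUP INT TERM

# Stop services, so certbot can bind ports for confirmation
service haproxy stop
service nginx stop

if "$CERTBOTCMD" renew; then
  if ! build_combined_pem; then
    echo "could not rebuild $HAPCERTFILE; previous file left in place" >&2
    status=1
  fi
else
  echo "certbot renew failed; leaving $HAPCERTFILE unchanged" >&2
  status=1
fi

# The EXIT trap restarts nginx and haproxy before the shell terminates.
exit "$status"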