Created June 15, 2018 04:34
Let's Encrypt renewal with haproxy
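# The key bit is the 'bind' statement in the frontend
frontend https-in
    # match the filename here to your $HAPCERTFILE
    # <listen-address>:<port> is a placeholder for your listener
    bind <listen-address>:<port> ssl crt /etc/haproxy/certs/combined.pem
    reqadd X-Forwarded-Proto:\ https
    # acl, use_backend, and other statements...
    # <hostname-1> and <hostname-2> are placeholders for the Host values to match
    acl srv_host_1 hdr(host) -i <hostname-1>
    acl srv_host_2 hdr(host) -i <hostname-2>
    use_backend backend_1 if srv_host_1
    use_backend backend_2 if srv_host_2

# <address>:<port> below are placeholders for the backend servers
backend backend_1
    server local <address>:<port> check

backend backend_2
    server www1 <address>:<port> check
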
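# To renew SSL certs using certbot-auto
TODAY=$(/bin/date +"%Y%m%d")

# Customize these:
# Must match the 'crt' path on the haproxy 'bind' line
HAPCERTFILE=/etc/haproxy/certs/combined.pem
# Standard certbot layout; <your-domain> is a placeholder
LECERTPATH="/etc/letsencrypt/live/<your-domain>"

# Stop services, so certbot can bind ports for confirmation
service haproxy stop
service nginx stop

# Run the renewal (assumed invocation; adjust the certbot-auto path and arguments to your install)
certbot-auto renew

# Backup the old cert file
cp --no-clobber "$HAPCERTFILE" "$HAPCERTFILE.$TODAY"

# Combine the fullchain and privkey files for haproxy
cat "$LECERTPATH/fullchain.pem" \
    "$LECERTPATH/privkey.pem" \
    > "$HAPCERTFILE"

# Restart services
service nginx start
service haproxy start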
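
The renewal script above rewrites the live combined file in place, so a failed renewal can truncate the certificate haproxy needs at startup, and the file holds the private key. As an added example (not part of the original gist), the function below builds the combined PEM in a 0600 temp file and renames it over the destination only after both inputs pass a basic check; the function name `install_combined_pem` is an assumption made here.

```shell
#!/bin/bash
# Added example, not from the original gist.
# install_combined_pem FULLCHAIN PRIVKEY DEST
#   Returns 0 after DEST has been replaced, 1 (DEST untouched) on any failure.

install_combined_pem() {
    local fullchain=$1 privkey=$2 dest=$3 tmp

    # Refuse to proceed if either input is missing or empty, e.g. after a
    # failed renewal; the existing combined file is left as it was.
    [ -s "$fullchain" ] && [ -s "$privkey" ] || return 1

    # Cheap sanity check that each file holds the PEM object we expect.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$fullchain" || return 1
    grep -Eq -- '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$privkey" || return 1

    # Create the temp file next to DEST so the final mv is a rename on the
    # same filesystem; mktemp creates it with mode 0600.
    tmp=$(mktemp "${dest}.XXXXXX") || return 1

    # Write the chain first, then the key, keep the mode explicit, and only
    # then swap the new file into place.
    if cat "$fullchain" "$privkey" > "$tmp" \
        && chmod 600 "$tmp" \
        && mv -f "$tmp" "$dest"; then
        return 0
    fi

    # Something failed: remove the partial file, keep the old certificate.
    rm -f "$tmp"
    return 1
}

# Usage inside the renewal script, replacing the plain 'cat' step:
#   install_combined_pem "$LECERTPATH/fullchain.pem" \
#                        "$LECERTPATH/privkey.pem" "$HAPCERTFILE" || exit 1
```

Running `haproxy -c -f` against your configuration file before `service haproxy start` additionally confirms that haproxy can load the new file.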