haproxytechblog/blog20180524-01.cfg

## blog20180524-01.cfg
global
    log /dev/log local0 debug
    nbproc 1
    daemon
    lua-load config.lua
    lua-load acme.lua

defaults
    log global
    mode http
    option httplog
    timeout connect 5s
    timeout client 10s
    timeout server 10s

listen http
    bind *:80
    http-request use-service lua.acme if { path_beg /.well-known/acme-challenge/ }

userlist acme_users
    user acme password $5$Tmx0ttbvZB1TsL$QDbECr8B.rPvB9LWmSypDuVYwJJtReWrh.HWpmZNMaA

listen acme
    bind 127.0.0.1:9011
    acl acme_auth http_auth(acme_users)
    http-request auth realm "HAProxy ACME auth" if !acme_auth
    http-request use-service lua.acme

listen acme-ca
    bind 127.0.0.1:9012
    server ca acme-v02.api.letsencrypt.org:443 ssl verify required ca-file letsencrypt-x3-ca-chain.pem
    http-request set-header Host acme-v02.api.letsencrypt.org

## blog20180524-02.lua
config = {
    registration = {
        -- You can read TOS here: https://letsencrypt.org/repository/
        termsOfServiceAgreed = false,
        contact = {"mailto:postmaster@example.net"}
    },

    -- ACME certificate authority configuration
    ca = {
        -- HAProxy backend/server which proxies requests to ACME server
        proxy_uri = "http://127.0.0.1:9012",
        -- ACME server URI (also returned by ACME directory listings)
        -- Use this server name in HAProxy config
        uri = "https://acme-v02.api.letsencrypt.org",
    }
}

## blog20180524-03.sh
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out account.key
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out example.net.key

## blog20180524-04.sh
curl -XPOST -u acme:acme http://127.0.0.1:9011/acme/order \
    -F 'account_key=@account.key' \
    -F 'domain=example.net' \
    -F 'domain_key=@example.net.key' \
    -F 'aliases=www.example.net,example.com,www.example.com' \
    -o example.net.pem
	global
	log /dev/log local0 debug
	nbproc 1
	daemon
	lua-load config.lua
	lua-load acme.lua

	defaults
	log global
	mode http
	option httplog
	timeout connect 5s
	timeout client 10s
	timeout server 10s

	listen http
	bind *:80
	http-request use-service lua.acme if { path_beg /.well-known/acme-challenge/ }

	userlist acme_users
	user acme password $5$Tmx0ttbvZB1TsL$QDbECr8B.rPvB9LWmSypDuVYwJJtReWrh.HWpmZNMaA

	listen acme
	bind 127.0.0.1:9011
	acl acme_auth http_auth(acme_users)
	http-request auth realm "HAProxy ACME auth" if !acme_auth
	http-request use-service lua.acme

	listen acme-ca
	bind 127.0.0.1:9012
	server ca acme-v02.api.letsencrypt.org:443 ssl verify required ca-file letsencrypt-x3-ca-chain.pem
	http-request set-header Host acme-v02.api.letsencrypt.org
	config = {
	registration = {
	-- You can read TOS here: https://letsencrypt.org/repository/
	termsOfServiceAgreed = false,
	contact = {"mailto:postmaster@example.net"}
	},

	-- ACME certificate authority configuration
	ca = {
	-- HAProxy backend/server which proxies requests to ACME server
	proxy_uri = "http://127.0.0.1:9012",
	-- ACME server URI (also returned by ACME directory listings)
	-- Use this server name in HAProxy config
	uri = "https://acme-v02.api.letsencrypt.org",
	}
	}
	openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out account.key
	openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out example.net.key
	curl -XPOST -u acme:acme http://127.0.0.1:9011/acme/order \
	-F 'account_key=@account.key' \
	-F 'domain=example.net' \
	-F 'domain_key=@example.net.key' \
	-F 'aliases=www.example.net,example.com,www.example.com' \
	-o example.net.pem