Last active January 8, 2022 17:22
Let’s Encrypt (ACMEv2) for HAProxy
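global
    log /dev/log local0 debug
    nbproc 1
    lua-load config.lua
    lua-load acme.lua

defaults
    log global
    mode http
    option httplog
    timeout connect 5s
    timeout client 10s
    timeout server 10s

listen http
    bind *:80
    # Hand ACME HTTP-01 challenge requests to the Lua ACME service
    http-request use-service lua.acme if { path_beg /.well-known/acme-challenge/ }

userlist acme_users
    # crypt(3) hash ($5$ = SHA-256 crypt); generate your own instead of reusing this one
    user acme password $5$Tmx0ttbvZB1TsL$QDbECr8B.rPvB9LWmSypDuVYwJJtReWrh.HWpmZNMaA

listen acme
    # Require HTTP basic auth before a request reaches the Lua ACME service
    acl acme_auth http_auth(acme_users)
    http-request auth realm "HAProxy ACME auth" if !acme_auth
    http-request use-service lua.acme

listen acme-ca
    # Upstream connection to the ACME CA, with server certificate verification
    server ca ssl verify required ca-file letsencrypt-x3-ca-chain.pem
    http-request set-header Host
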
config = {
    registration = {
        -- You can read TOS here:
        termsOfServiceAgreed = false,
        contact = {""}
    },

    -- ACME certificate authority configuration
    ca = {
        -- HAProxy backend/server which proxies requests to ACME server
        proxy_uri = "",
        -- ACME server URI (also returned by ACME directory listings)
        -- Use this server name in HAProxy config
        uri = "",
    }
}

openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out account.key

openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out

curl -XPOST -u acme:acme \
    -F 'account_key=@account.key' \
    -F '' \
    -F '' \
    -F ',,' \