Lets encrypt with haproxy setup and renewal
-
Hi Team,
I have been running haproxy for http and https without any issues. I have been trying to set up Let's Encrypt and I have not been very successful. I am looking to have the renewal automated using certbot. Could anyone assist? I will give the successful detailed solution £50.
Rajbps
-
i can give you only a hint until someone else will better answer your question. i don't use haproxy inside pfsense.
in this example requests from letsencrypt will be redirected to port 12345 where certbot is listening, bypassing the default behavior:
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
use_backend letsencrypt-bk if letsencrypt-acl
backend letsencrypt-bk
    server letsencrypt ipserverweb:12345
sudo certbot renew --http-01-port=12345
-
@kiokoman Thanks for the pointer.
Where I am getting lost is I would like to use multiple web servers with https on, so how do I redirect each renewal request to the correct server?
-
@kiokoman said in Lets encrypt with haproxy setup and renewal:
well-known/acme-challenge
i think you have two options,
acl for every domain
example1.com/.well-known/acme-challenge/
backend letsencrypt-bk1
server letsencrypt1 ipserverweb1:12345
example2.com/.well-known/acme-challenge/
backend letsencrypt-bk2
server letsencrypt2 ipserverweb2:12345
or just use one server to generate / update the certs and then you can scp the certs to the other servers with a script
-
as i said i don't use haproxy so you need to test this out
create backend :
Address: you put the webserver ip you have
create one for every webserver you have
then you go to frontend and create acl and action:
pls do not pm me, i'm not helping for money. donate it to netgate forum / buy a service or an appliance when you can afford it, from them / buy a new car for johnpoz / donate it to some charity
have a nice day
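
The "acl for every domain" option from the thread, written out as a raw haproxy.cfg fragment. This is an added example, not part of any post; on pfSense the same ACLs, actions and backends would be entered through the HAProxy package GUI. The frontend name, the `web-default` backend, the 192.0.2.x addresses (standing in for ipserverweb1 / ipserverweb2) and the deny rule are assumptions; the domains, backend names and port 12345 come from the thread.

```haproxy
# Added example. Addresses are documentation placeholders (192.0.2.0/24);
# replace them with the real web server IPs.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend http-in
    bind :80

    # HTTP-01 validation requests arrive on port 80 under this path prefix.
    acl letsencrypt-acl path_beg /.well-known/acme-challenge/

    # One host ACL per domain; -i makes the match case-insensitive.
    acl host-example1 hdr(host) -i example1.com
    acl host-example2 hdr(host) -i example2.com

    # Refuse challenge requests for hostnames that are not listed, so they
    # do not fall through to the default backend.
    http-request deny if letsencrypt-acl !host-example1 !host-example2

    # Send each challenge to the server that runs certbot for that domain.
    use_backend letsencrypt-bk1 if letsencrypt-acl host-example1
    use_backend letsencrypt-bk2 if letsencrypt-acl host-example2

    # All other traffic keeps its normal routing (hypothetical backend name).
    default_backend web-default

backend letsencrypt-bk1
    # On this server: certbot renew --http-01-port 12345
    # (assumes the certificate was issued with the standalone authenticator)
    server letsencrypt1 192.0.2.11:12345

backend letsencrypt-bk2
    server letsencrypt2 192.0.2.12:12345

backend web-default
    server web1 192.0.2.11:80
```

Certbot only listens on port 12345 while a renewal is running, so outside that window a request to the challenge path gets a 503 from HAProxy, which is the expected behaviour.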