Lets encrypt with haproxy setup and renewal



  • Hi Team,

    I have been running haproxy for http and https without any issues. I have been trying to setup let`s encrypt and I have not been very successful. I am looking to have the renewal automated using certbot. Could anyone assist. I wil give the successful detailed solution £50.

    Rajbps



  • i can give you only a hint until someone else will better answer your question. i don't use haproxy inside pfsense.
    in this example requests from letsencrpt will be redirected to port 12345 where certbot is listening bypassing the default behavior

    acl letsencrypt-acl path_beg /.well-known/acme-challenge/
    use_backend letsencrypt-bk if letsencrypt-acl

    backend letsencrypt-bk
    server letsencrypt ipserverweb:12345

    sudo certbot renew --tls-sni-01-port=12345



  • @kiokoman Thanks for the pointer.

    Where I am getting lost is I would like to use multiple web servers with https on so how to redirect each renewal request to the correct server.



  • @kiokoman said in Lets encrypt with haproxy setup and renewal:

    well-known/acme-challenge

    i think you have two options,
    acl for every domain
    example1.com/.well-known/acme-challenge/
    backend letsencrypt-bk1
    server letsencrypt1 ipserverweb1:12345
    example2.com/.well-known/acme-challenge/
    backend letsencrypt-bk2
    server letsencrypt2 ipserverweb2:12345

    or just use one server to generate / update the certs and then you can scp the certs to the others server with a script



  • as i said i don't use haproxy so you need to test this out

    create backend :
    Address: you put the webseerverip you have
    backend1.jpg

    create one for every webserver you have
    backend2.jpg :

    then you go to frontend and create acl and action:
    frontend1.jpg

    pls do not pm me i'm not helping for money donate it to netgate forum / buy a service or an appliance when you can afford it, from them / buy a new car for johnpoz / donate it to some charity
    have a nice day


Log in to reply