# Renew certs using a container and HAProxy

If HAProxy uses the `PROXY protocol` to communicate with Apache on 127.0.0.1:80 and 127.0.0.1:443 then it must be disables.  
Find any `send-proxy` in `/etc/haproxy/haproxy.cfg` and temporarily remove it.  
Alternativly `send-proxy` may already be a variable. Then comment that to disable in `/etc/sysconfig/haproxy`:
```bash
sudo docker pull certbot/certbot
sudo systemctl stop httpd
sudo nano /etc/sysconfig/haproxy
```
```ini
# Comment for certbot docker container
#SEND_PROXY=send-proxy
```
```bash
sudo systemctl restart haproxy
sudo docker run -it --rm --name certbot \
            -v "/etc/letsencrypt:/etc/letsencrypt" \
            -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
            -v "/var/log/letsencrypt/:/var/log/letsencrypt/" \
            -p 127.0.0.1:80:80 -p 127.0.0.1:443:443 \
            certbot/certbot certonly --standalone \
            -d git.machine-deck.jeffries-tube.at,office.machine-deck.jeffries-tube.at,dokuwiki.machine-deck.jeffries-tube.at
sudo cat /etc/letsencrypt/live/git.machine-deck.jeffries-tube.at/fullchain.pem /etc/letsencrypt/live/git.machine-deck.jeffries-tube.at/privkey.pem | sudo tee /etc/haproxy/certs/git.machine-deck.jeffries-tube.at.pem
sudo chown haproxy:haproxy /etc/haproxy/certs/git.machine-deck.jeffries-tube.at.pem
sudo chmod 0660 /etc/haproxy/certs/git.machine-deck.jeffries-tube.at.pem
sudo nano /etc/sysconfig/haproxy
```
```ini
# Comment for certbot docker container
#SEND_PROXY=send-proxy
```
```bash
sudo systemctl restart httpd
```