Renew certs using a container and HAProxy

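If HAProxy uses the PROXY protocol to communicate with Apache on 127.0.0.1:80 and 127.0.0.1:443, then it must be disabled, because certbot's standalone server takes Apache's place on those ports during the renewal and does not understand the PROXY protocol header. Find any send-proxy in /etc/haproxy/haproxy.cfg and temporarily remove it. Alternatively, send-proxy may already be a variable. In that case, comment it out in /etc/sysconfig/haproxy to disable it: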

sudo docker pull certbot/certbot
sudo systemctl stop httpd
sudo nano /etc/sysconfig/haproxy
# Comment for certbot docker container
#SEND_PROXY=send-proxy
sudo systemctl restart haproxy
sudo docker run -it --rm --name certbot \
            -v "/etc/letsencrypt:/etc/letsencrypt" \
            -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
            -v "/var/log/letsencrypt/:/var/log/letsencrypt/" \
            -p 127.0.0.1:80:80 -p 127.0.0.1:443:443 \
            certbot/certbot certonly --standalone \
            -d git.machine-deck.jeffries-tube.at,office.machine-deck.jeffries-tube.at,dokuwiki.machine-deck.jeffries-tube.at
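# Build HAProxy's combined PEM (chain first, then key); tee's stdout is discarded so the private key is not printed to the terminal
sudo cat /etc/letsencrypt/live/git.machine-deck.jeffries-tube.at/fullchain.pem /etc/letsencrypt/live/git.machine-deck.jeffries-tube.at/privkey.pem | sudo tee /etc/haproxy/certs/git.machine-deck.jeffries-tube.at.pem > /dev/null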
sudo chown haproxy:haproxy /etc/haproxy/certs/git.machine-deck.jeffries-tube.at.pem
sudo chmod 0660 /etc/haproxy/certs/git.machine-deck.jeffries-tube.at.pem
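sudo nano /etc/sysconfig/haproxy
# Uncomment again now that certbot has finished
SEND_PROXY=send-proxy
# Restart HAProxy so it loads the new certificate and sends the PROXY header again
sudo systemctl restart haproxy
sudo systemctl restart httpd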
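
The two manual steps that are easiest to get wrong above, checking that send-proxy is really off before certbot runs and assembling the combined PEM, can be scripted. The following is an added example, not part of the original page; the function names are hypothetical, and it assumes haproxy.cfg references the variable as "${SEND_PROXY}" or $SEND_PROXY.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). Function names are hypothetical.
# Assumption: haproxy.cfg references the variable as "${SEND_PROXY}" or $SEND_PROXY.

# Succeeds (exit 0) while HAProxy would still send a PROXY header to a backend,
# which certbot's standalone listener cannot parse.
send_proxy_active() {
    local cfg="$1" env_file="$2"
    local srv='^[[:space:]]*(server|default-server)[[:space:]][^#]*'
    # Literal keyword (send-proxy, send-proxy-v2, ...) on an uncommented server line.
    grep -Eq "${srv}[[:space:]]send-proxy" "$cfg" && return 0
    # Variable used on a server line while it is set to a non-empty value.
    grep -Eq "${srv}"'\$\{?SEND_PROXY' "$cfg" &&
        grep -Eq '^[[:space:]]*SEND_PROXY="?[^[:space:]#"]' "$env_file" && return 0
    return 1
}

# Writes fullchain + key as one HAProxy PEM without echoing the key and without
# ever exposing a half-written or world-readable file at the final path.
install_haproxy_pem() {
    local live_dir="$1" out="$2" tmp
    [ -s "$live_dir/fullchain.pem" ] && [ -s "$live_dir/privkey.pem" ] || return 1
    tmp=$(mktemp "$out.XXXXXX") || return 1      # created with mode 0600
    if cat "$live_dir/fullchain.pem" "$live_dir/privkey.pem" > "$tmp" &&
       chmod 0660 "$tmp" && mv -f "$tmp" "$out"; then   # 0660 as on the page
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Constructed sample run: temporary files only, nothing under /etc is touched.
demo() {
    local d
    d=$(mktemp -d) || return 1
    printf 'backend apache\n    server web 127.0.0.1:80 "${SEND_PROXY}"\n' > "$d/haproxy.cfg"
    printf '#SEND_PROXY=send-proxy\n' > "$d/sysconfig"
    if send_proxy_active "$d/haproxy.cfg" "$d/sysconfig"; then
        echo "PROXY protocol still on: do not start certbot yet"
    else
        echo "PROXY protocol off: safe to run certbot --standalone"
    fi
    rm -rf "$d"
}
demo
```

Against the real files, both functions need root, and the chown to haproxy:haproxy from the steps above still has to follow install_haproxy_pem.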
network/acme/renew_certs_using_a_container_and_haproxy.txt · Last modified: by admin