Projekte

User Tools

Site Tools

Trace: wireguard_access_to_home_network_using_pikvm set_a_static_address_part_with_ipv6_and_ubuntu_netplan set_a_static_address_part_with_ipv6_and_debian_ifupdown reinstall_boot_loader renew_certs_using_a_container_and_haproxy
network:acme:renew_certs_using_a_container_and_haproxy

**This is an old revision of the document!**

Renew certs using a container and HAProxy

If HAProxy uses the PROXY protocol to communicate with Apache on 127.0.0.1:80 and 127.0.0.1:443 then it must be disables. Find any send-proxy in /etc/haproxy/haproxy.cfg and temporarily remove it. Alternativly send-proxy may already be a variable. Then comment that to disable in /etc/sysconfig/haproxy: 

sudo docker pull certbot/certbot
sudo systemctl stop httpd
sudo nano /etc/sysconfig/haproxy
# Comment for certbot docker container
#SEND_PROXY=send-proxy
sudo systemctl restart haproxy
sudo docker run -it --rm --name certbot \
            -v "/etc/letsencrypt:/etc/letsencrypt" \
            -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
            -v "/var/log/letsencrypt/:/var/log/letsencrypt/" \
            -p 127.0.0.1:80:80 -p 127.0.0.1:443:443 \
            certbot/certbot certonly --standalone \
            -d git.machine-deck.jeffries-tube.at,office.machine-deck.jeffries-tube.at,dokuwiki.machine-deck.jeffries-tube.at
 
sudo nano /etc/sysconfig/haproxy
network/acme/renew_certs_using_a_container_and_haproxy.1691670634.txt.gz · Last modified: by 127.0.0.1