
**This is an old revision of the document!**

Renew certs using a container and HAProxy

If HAProxy uses the PROXY protocol to communicate with Apache on 127.0.0.1:80 and 127.0.0.1:443, then it must be disabled for the renewal, because certbot's standalone server, which temporarily takes Apache's place on those ports, does not understand it. Find any send-proxy in /etc/haproxy/haproxy.cfg and temporarily remove it. Alternatively, send-proxy may already be a variable. In that case, comment it out in /etc/sysconfig/haproxy:

```bash
sudo docker pull certbot/certbot
# Free ports 80 and 443 on 127.0.0.1 for the certbot container
sudo systemctl stop httpd
sudo nano /etc/sysconfig/haproxy
# In the editor: comment out for the certbot docker container
#SEND_PROXY=send-proxy
sudo systemctl restart haproxy
sudo docker run -it --rm --name certbot \
            -v "/etc/letsencrypt:/etc/letsencrypt" \
            -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
            -v "/var/log/letsencrypt/:/var/log/letsencrypt/" \
            -p 127.0.0.1:80:80 -p 127.0.0.1:443:443 \
            certbot/certbot certonly --standalone \
            -d git.machine-deck.jeffries-tube.at,office.machine-deck.jeffries-tube.at,dokuwiki.machine-deck.jeffries-tube.at
sudo nano /etc/sysconfig/haproxy
# In the editor: uncomment again once certbot has finished
SEND_PROXY=send-proxy
# HAProxy only picks up the restored setting after a restart
sudo systemctl restart haproxy
sudo systemctl restart httpd
```
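The manual steps above leave the PROXY protocol disabled if certbot fails or the second edit is forgotten. The following script is an added example, not part of the original wiki page: it performs the same toggle with `sed` and restores the setting from an `EXIT` trap. It assumes GNU `sed` and that /etc/sysconfig/haproxy contains a line `SEND_PROXY=send-proxy`; the function names, the `SYSCONFIG` variable and the `--run` switch are made up for this example.

```shell
#!/usr/bin/env bash
# Added example: wrap the certbot run so SEND_PROXY is always restored.
# Assumption: the sysconfig file holds a line "SEND_PROXY=send-proxy".
SYSCONFIG="${SYSCONFIG:-/etc/sysconfig/haproxy}"

# Comment out an active SEND_PROXY line (no change if already commented).
disable_send_proxy() {
    sed -i -E 's/^[[:space:]]*(SEND_PROXY=.*)$/#\1/' "$1"
}

# Remove the leading '#' from a commented SEND_PROXY line (no change if active).
enable_send_proxy() {
    sed -i -E 's/^[[:space:]]*#[[:space:]]*(SEND_PROXY=.*)$/\1/' "$1"
}

# Succeeds only if an uncommented SEND_PROXY line is present.
send_proxy_active() {
    grep -Eq '^[[:space:]]*SEND_PROXY=' "$1"
}

# Put HAProxy and Apache back into their normal state.
restore() {
    enable_send_proxy "$SYSCONFIG"
    systemctl restart haproxy || echo "haproxy restart failed" >&2
    systemctl restart httpd || echo "httpd restart failed" >&2
    send_proxy_active "$SYSCONFIG" || echo "WARNING: SEND_PROXY is still disabled" >&2
}

# Arguments are handed to certbot, e.g. -d host1.example.org,host2.example.org
renew() {
    trap restore EXIT   # runs on success, on certbot failure and on Ctrl-C
    systemctl stop httpd
    disable_send_proxy "$SYSCONFIG"
    systemctl restart haproxy
    docker run -it --rm --name certbot \
        -v "/etc/letsencrypt:/etc/letsencrypt" \
        -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
        -v "/var/log/letsencrypt/:/var/log/letsencrypt/" \
        -p 127.0.0.1:80:80 -p 127.0.0.1:443:443 \
        certbot/certbot certonly --standalone "$@"
}

# Only act when called as root with: ./renew.sh --run -d <domains>
if [ "${1:-}" = "--run" ]; then
    shift
    set -eu
    renew "$@"
fi
```

If the trap prints the warning, the sysconfig file had no SEND_PROXY line to restore and haproxy.cfg has to be checked by hand.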
network/acme/renew_certs_using_a_container_and_haproxy.1691670679.txt.gz · Last modified: by admin