Wednesday, January 6, 2016

Let's Encrypt SSL certificate for HAProxy


    git clone
    cd letsencrypt
    ./letsencrypt-auto --help

Make sure you allow access anywhere inbound and outbound.

    sudo /home/ubuntu/.local/share/letsencrypt/bin/letsencrypt certonly --standalone-supported-challenges http-01 -d -d

It will check if you own the domain. Make sure you have correct CNAME records for your domains.


     - Congratulations! Your certificate and chain have been saved at
       /etc/letsencrypt/live/ Your cert
       will expire on 2016-XX-XX. To obtain a new version of the
       certificate in the future, simply run Let's Encrypt again.
     - If you like Let's Encrypt, please consider supporting our work by:

       Donating to ISRG / Let's Encrypt:
       Donating to EFF:          

Combine the pem files and copy them to /etc/haproxy:

    sudo cat /etc/letsencrypt/live/ /etc/letsencrypt/live/ > certificate.pem
    sudo cp certificate.pem /etc/haproxy/certificate.pem

No comments: