On Wed, Dec 28, 2016 at 11:50 AM, Willy Tarreau <w...@1wt.eu> wrote: > Hi Baptiste, > > On Wed, Dec 28, 2016 at 09:32:07AM +0100, Baptiste wrote: > > I personally use a shell script (acme.sh https://github.com/Neilpang/ > acme.sh) > > to setup my certificates with let's encrypt. > > I noticed this one but not tried it yet. > > > I run it in my init script, before HAProxy starts up to replace my certs > > in-place. It's good enough for me, since the certs will be updated > > automatically if required after each conf change. > > > > I planned to release this script on gitlab at some point, and this could > be > > the right moment :) > > Yes, I'll wait for your scripts and howtos then. I'm really sick of > spending my time dealing with SSL on mondays, spam filtering on tuesdays, > mailing list archives rotation on wednesdays and so on. It takes me a lot > of time to learn how to adapt to such tools, far more than for normal > people, and it quickly gets me nervous and makes it harder for me to > concentrate on useful stuff :-/ > > Cheers, > Willy >
Hi all, Here you go: https://www.bedis9.net/posts/2016_12_28_letsencryptforhaproxy.html And the scripts on github: https://github.com/bedis/letsencryptforhaproxy Please note that the script generates both RSA and ECDSA certificates. I also added a second script to manage OCSP at run time (through the stats socket). Baptiste
