Bedis9 website

Let's Encrypt for HAProxy

Posted on 2016-12-28

Let's Encrypt (https://letsencrypt.org) is a free, automated and open Certificate Authority. It uses the ACME protocol (https://github.com/letsencrypt/acme-spec) to issue and renew certificates. Certificates provided by Let's Encrypt are valid for 90 days (3 months), which means we have to renew them very often! That said, this renewal can be fully automated thanks to the ACME protocol.

HAProxy is an open source reverse proxy and load balancer, and I use it everywhere on my personal websites. It can process SSL/TLS and of course is compatible with Let's Encrypt certificates. That said, it needs some help to get its certificates renewed, and I wrote my own script to do the following:

  • issue / renew certificate from Let's Encrypt
  • issue OCSP stamps from Let's Encrypt for my certificates and update them at run time into HAProxy

For the ACME protocol layer, I use acme.sh (https://github.com/Neilpang/acme.sh), a simple and minimalistic shell script, yet very efficient!
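The two steps listed above can be sketched as follows. This is an added example, not the author's scripts: it leaves issuance to acme.sh and shows only the HAProxy side (building the PEM bundle, fetching an OCSP response and loading it over the runtime API). File names and the socket path are assumptions, and the stats socket must be configured with `level admin`.

```shell
#!/bin/sh
# Added example; paths and file names are assumptions, not the author's scripts.

# HAProxy reads the certificate chain and the private key from one PEM file.
build_haproxy_pem() {        # usage: build_haproxy_pem fullchain.pem key.pem out.pem
    # Write with a restrictive umask, then rename so HAProxy never sees a partial file.
    ( umask 077; cat "$1" "$2" > "$3.tmp" ) && mv "$3.tmp" "$3"
}

# Query the CA's OCSP responder and keep the DER response only if the status is "good".
fetch_ocsp() {               # usage: fetch_ocsp cert.pem issuer.pem out.der
    url=$(openssl x509 -noout -ocsp_uri -in "$1") || return 1
    [ -n "$url" ] || return 1            # certificate has no OCSP responder URL
    out=$(openssl ocsp -issuer "$2" -VAfile "$2" -cert "$1" -url "$url" \
          -no_nonce -respout "$3.tmp" 2>&1) || { rm -f "$3.tmp"; return 1; }
    case $out in
        *": good"*) mv "$3.tmp" "$3" ;;
        *)          rm -f "$3.tmp"; return 1 ;;
    esac
}

# Runtime API command that loads a DER OCSP response (sent base64-encoded).
ocsp_runtime_command() {     # usage: ocsp_runtime_command response.der
    [ -s "$1" ] || return 1              # refuse missing or empty responses
    printf 'set ssl ocsp-response %s\n' "$(base64 < "$1" | tr -d '\n')"
}

# Send the command to the HAProxy stats socket and check the acknowledgement.
push_ocsp() {                # usage: push_ocsp response.der /path/to/haproxy.sock
    cmd=$(ocsp_runtime_command "$1") || return 1
    reply=$(printf '%s\n' "$cmd" | socat stdio "unix-connect:$2") || return 1
    case $reply in
        *"OCSP Response updated"*) return 0 ;;
        *)                         return 1 ;;
    esac
}

# Typical sequence after a renewal (constructed paths):
#   build_haproxy_pem fullchain.cer site.key /etc/haproxy/certs/site.pem
#   fetch_ocsp site.cer ca.cer /etc/haproxy/certs/site.pem.ocsp \
#     && push_ocsp /etc/haproxy/certs/site.pem.ocsp /var/run/haproxy.sock
```

Saving the response as `<pemfile>.ocsp` next to the bundle lets HAProxy pick it up again at the next start, while the runtime command updates the running process without a reload.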

My scripts for an easy integration of HAProxy and Let's Encrypt are available here: