Bedis9 website

Letsencrypt for HAProxy

Posted on 2016-12-28

Let'sencrypt ( is a free, automated and open Certificate Authority. It uses the ACME protocol ( to issue / renew certificates. Certificates provided by letsencrypt are valid for 90 days (3 months), which means we have to renew them very often! That said, this renewal can be fully automated thanks to the ACME protocol.

HAProxy is an open source Reverse-Proxy/Load-Balancer and I use it everywhere on my personnal websites. It can process SSL/TLS and of course is compatible with letsencrypt certificates. That said, it needs some help to get its certificates renewed and I wrote my own script to do the following:

  • issue / renew certificate from letsencrypt
  • issue OCSP stamps from letsencrypt for my certificates and update them at run time into HAProxy

For the ACME protocol layer, I use (, a simple and minimalistic shell script, yet very efficient!

My scripts for an easy integration of HAProxy and letsencrypt are available here: