Posted on 2016-12-28
Let'sencrypt (https://letsencrypt.org) is a free, automated and open Certificate Authority. It uses the ACME protocol (https://github.com/letsencrypt/acme-spec) to issue / renew certificates. Certificates provided by letsencrypt are valid for 90 days (3 months), which means we have to renew them very often! That said, this renewal can be fully automated thanks to the ACME protocol.
HAProxy is an open source Reverse-Proxy/Load-Balancer and I use it everywhere on my personnal websites. It can process SSL/TLS and of course is compatible with letsencrypt certificates. That said, it needs some help to get its certificates renewed and I wrote my own script to do the following:
For the ACME protocol layer, I use acme.sh (https://github.com/Neilpang/acme.sh), a simple and minimalistic shell script, yet very efficient!
My scripts for an easy integration of HAProxy and letsencrypt are available here: