SSL certificate automation

This folder contains scripts required for auto-renewal of Let's Encrypt issued certificates utilizing certbot.

To use, either run ./renew_cert.py directly or install a cron job for ./renew-multiple-certs.py like so:

0 4 * * * root /path/to/script/renew-multiple-certs.py -s -m [email protected] -D domain1.example.com domain2.example.com

Alternatively, create a custom script holding all commands:

#!/bin/bash

/path/to/your/cloned/ssl-automation/renew-multiple-certs.py \
	-m [email protected] \
	-D \
	domain1.example.com \
	domain2.example.com \
	"$@"
#   ^^ passes arguments given to the bash script to the renewal script (quoted so each argument stays intact)

and install that as a cron job (be sure not to omit --silent):

0 4 * * * root /path/to/your/script.sh --silent

To see script usage, run the following commands:

./renew_cert.py -h
./renew-multiple-certs.py -h

HAProxy config

To allow redirection of Let's Encrypt renewal requests to certbot, add the following config settings to HAProxy.

frontend http_in
	# bind IPv4 and IPv6
	bind *:80
	bind :::80

	# your regular config goes here

	# Test URI to see if it's a letsencrypt request
	# Required for automatic renewals
	# has to be redirected in the HTTP section, not HTTPS
	acl letsencrypt-acl path_beg /.well-known/acme-challenge/
	use_backend letsencrypt_backend if letsencrypt-acl

# LE Backend
backend letsencrypt_backend
	server letsencrypt 127.0.0.1:8888
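
A pre-flight check for the routing above, written for this page as an added example (not part of the repository's scripts): it serves a constructed probe token on 127.0.0.1:8888, where the backend expects certbot, and requests it through the port-80 frontend without following redirects, so an HTTP-to-HTTPS redirect that fires before the ACL shows up as "redirected". The function names, the probe token and the result strings are assumptions of this example.

```python
import http.server
import secrets
import threading
import urllib.error
import urllib.request

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"  # same prefix as the path_beg ACL


class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # surface 3xx as HTTPError instead of following it


def start_stub_backend(token, body, host="127.0.0.1", port=8888):
    """Serve one constructed token where the backend expects certbot to listen."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            hit = self.path == CHALLENGE_PREFIX + token
            payload = body.encode() if hit else b"not found"
            self.send_response(200 if hit else 404)
            self.send_header("Content-Length", str(len(payload)))
            self.end_headers()
            self.wfile.write(payload)

        def log_message(self, *args):  # keep cron-style runs quiet
            pass

    server = http.server.ThreadingHTTPServer((host, port), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def check_routing(frontend_url, token, body, timeout=5):
    """Return 'ok', 'redirected', 'wrong-backend' or 'unreachable'."""
    opener = urllib.request.build_opener(NoRedirect, urllib.request.ProxyHandler({}))
    url = frontend_url.rstrip("/") + CHALLENGE_PREFIX + token
    try:
        with opener.open(url, timeout=timeout) as resp:
            return "ok" if resp.read() == body.encode() else "wrong-backend"
    except urllib.error.HTTPError as err:
        return "redirected" if 300 <= err.code < 400 else "wrong-backend"
    except OSError:  # URLError, refused connection, timeout
        return "unreachable"


if __name__ == "__main__":
    token = secrets.token_urlsafe(16)  # constructed probe value, not a real ACME token
    stub = start_stub_backend(token, token + ".probe")  # fails if certbot holds 8888
    print(check_routing("http://127.0.0.1", token, token + ".probe"))  # via HAProxy :80
    stub.shutdown()
```

Run it on the HAProxy host while no renewal is in progress; "wrong-backend" means the request reached something other than the listener on port 8888.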