Let's Encrypt

Working with Let's Encrypt using HAProxy-WI

About Let's Encrypt


Let's Encrypt is a non-profit certificate authority run by Internet Security Research Group (ISRG) that provides X.509 certificates for Transport Layer Security (TLS) encryption at no charge. It launched on April 12, 2016.

Let's Encrypt certificates are valid for 90 days, during which renewal can take place at any time. The offer is accompanied by an automated process designed to overcome manual creation, validation, signing, installation, and renewal of certificates for secure websites.
The project claims its goal is to make encrypted connections to World Wide Web servers ubiquitous. By eliminating payment, web server configuration, validation email management and certificate renewal tasks, it is meant to significantly lower the complexity of setting up and maintaining TLS encryption.

How it works


HAProxy-WI provides the ability to get Let's Encrypt certificate via web interface. When you press a button "Get certificate" HAProxy-WI connects to remote server, installs the Certbot and with the Certbot try to obtain certificate for your domain. After successfuly obtaining HAProxy-WI creates cron job which will start monthly and renew your certificates

Check list


Before obtain a Let's Encrypt certificate you must do next action:
  1. Make sure that sets properly A/AAA DNS record to server's public IP address
  2. Make sure that your e-mail is active and you have access to it
  3. You have read terms of service and you agree with it
  4. Make sure that HAProxy accessible by 80(HTTP) port. Check you firewalls
  5. Make sure that HAProxy has the next settings:
    Or if you use Nginx as proxy server: