Let's Encrypt is a non-profit certificate authority run by Internet Security Research Group (ISRG) that provides X.509 certificates for Transport Layer Security (TLS) encryption at no charge. It launched on April 12, 2016.
Let's Encrypt certificates are valid for 90 days, during which renewal can take place at any time. The offer is accompanied by an automated process designed to overcome manual creation, validation, signing, installation, and renewal of certificates for secure websites.
The project claims its goal is to make encrypted connections to World Wide Web servers ubiquitous. By eliminating payment, web server configuration, validation email management and certificate renewal tasks, it is meant to significantly lower the complexity of setting up and maintaining TLS encryption.
HAProxy-WI provides the ability to get Let's Encrypt certificate via web interface. When you press a button "Get certificate" HAProxy-WI connects to remote server, installs the Certbot and with the Certbot try to obtain certificate for your domain.
After successfully obtaining HAProxy-WI creates cron job which will start monthly and renew your certificates.
Renewing script looks at /etc/letsencrypt/live/ folder and trying renew all certificates which exists in this folder. So, if you delete any folder in /etc/letsencrypt/live/, the script will not renew that certificate.
- Make sure that sets properly A/AAA DNS record to server's public IP address
- Make sure that your e-mail is active and you have access to it
- You have read terms of service and you agree with it
- Make sure that HAProxy accessible by 80(HTTP) port. Check you firewalls
Make sure that HAProxy has the next settings: