Working with Let's Encrypt using HAProxy-WI

About Let's Encrypt

Let's Encrypt is a non-profit certificate authority run by Internet Security Research Group (ISRG) that provides X.509 certificates for Transport Layer Security (TLS) encryption at no charge. It launched on April 12, 2016.

Let's Encrypt certificates are valid for 90 days, during which renewal can take place at any time. The offer is accompanied by an automated process designed to overcome manual creation, validation, signing, installation, and renewal of certificates for secure websites.

The project claims its goal is to make encrypted connections to World Wide Web servers ubiquitous. By eliminating payment, web server configuration, validation email management and certificate renewal tasks, it is meant to significantly lower the complexity of setting up and maintaining TLS encryption.


How it works

HAProxy-WI can obtain a Let's Encrypt certificate through its web interface. When you press the "Get certificate" button, HAProxy-WI connects to the remote server, installs Certbot, and uses Certbot to try to obtain a certificate for your domain.

After the certificate has been obtained successfully, HAProxy-WI creates a cron job that runs monthly and renews your certificates.

The renewal script looks at the /etc/letsencrypt/live/ folder and tries to renew every certificate that exists in this folder. So, if you delete any folder in /etc/letsencrypt/live/, the script will not renew that certificate.


Check list

Before obtaining a Let's Encrypt certificate, you must do the following:
  1. Make sure that the A/AAAA DNS record is set properly to the server's public IP address
  2. Make sure that your e-mail is active and you have access to it
  3. You have read the terms of service and you agree with them
  4. Make sure that HAProxy is accessible on port 80 (HTTP). Check your firewalls
  5. Make sure that HAProxy has the following settings:
    Or, if you use Nginx as the proxy server:
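
Checklist items 1 and 4 can be verified before pressing "Get certificate". The Python pre-flight below is an added example, not part of HAProxy-WI and not the proxy settings from item 5; the script name and the function names check_dns and check_port_80 are assumptions made for illustration.

```python
"""Pre-flight for checklist items 1 and 4 (added example, not HAProxy-WI code)."""
import ipaddress
import socket
import sys


def check_dns(domain, server_ips, resolver=socket.getaddrinfo):
    """Item 1: every A/AAAA record of `domain` must point at this server."""
    expected = {ipaddress.ip_address(ip) for ip in server_ips}
    try:
        infos = resolver(domain, 80, proto=socket.IPPROTO_TCP)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return False, f"{domain}: does not resolve ({exc})"
    found = {ipaddress.ip_address(info[4][0]) for info in infos}
    if not found:
        return False, f"{domain}: no A/AAAA records returned"
    # A single stale record (often a forgotten AAAA) is enough to send the
    # CA's validation request to the wrong machine.
    stray = sorted(str(ip) for ip in found - expected)
    if stray:
        return False, f"{domain}: records point elsewhere: {', '.join(stray)}"
    return True, f"{domain}: all records point at this server"


def check_port_80(address, timeout=5.0, connect=socket.create_connection):
    """Item 4: TCP port 80 must accept connections.

    Run this from a host outside your network; a check made on the server
    itself does not pass through the firewall.
    """
    try:
        connect((address, 80), timeout=timeout).close()
    except OSError as exc:
        return False, f"{address}:80 unreachable ({exc})"
    return True, f"{address}:80 reachable"


if __name__ == "__main__":
    # Usage: preflight.py DOMAIN SERVER_IP [SERVER_IP ...]
    if len(sys.argv) < 3:
        sys.exit("usage: preflight.py DOMAIN SERVER_IP [SERVER_IP ...]")
    domain, ips = sys.argv[1], sys.argv[2:]
    results = [check_dns(domain, ips)] + [check_port_80(ip) for ip in ips]
    for ok, message in results:
        print("OK  " if ok else "FAIL", message)
    sys.exit(0 if all(ok for ok, _ in results) else 1)
```

Pass the domain followed by every public address of the server, IPv4 and IPv6; a non-zero exit status means at least one check failed.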
