Working with Let's Encrypt using HAProxy-WI
Let's Encrypt is a non-profit certificate authority run by the Internet Security Research Group (ISRG) that
provides X.509 certificates for Transport Layer Security (TLS) encryption at no charge. It launched on April 12, 2016.
Let's Encrypt certificates are valid for 90 days, during which renewal can take place at any time.
The offer is accompanied by an automated process designed to overcome manual creation, validation, signing,
installation, and renewal of certificates for secure websites.
The project claims its goal is to make encrypted connections to World Wide Web servers ubiquitous.
By eliminating payment, web server configuration, validation email management and certificate renewal tasks,
it is meant to significantly lower the complexity of setting up and maintaining TLS encryption.
HAProxy-WI can obtain a Let's Encrypt certificate through its web interface. When you press the
"Get certificate" button, HAProxy-WI connects to the remote server, installs Certbot, and uses Certbot to try to obtain a certificate
for your domain.
After the certificate has been obtained successfully, HAProxy-WI creates a cron job that runs monthly and renews your certificates.
The renewal script looks in the /etc/letsencrypt/live/ folder and tries to renew every certificate that exists in this folder.
So, if you delete any folder in /etc/letsencrypt/live/, the script will not renew that certificate.
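To see what the renewal job described above will act on, the following added example (not HAProxy-WI's own script) lists the certificate directories under /etc/letsencrypt/live/ and flags any certificate that expires within a chosen number of days. The function names and the 20-day default are assumptions, and the openssl command must be installed.

```shell
#!/bin/sh
# Added example, not part of HAProxy-WI. Function names and the default
# threshold are assumptions; the live/ path is the one named on this page.

# Print the name of every directory under live/ that holds a cert.pem.
# Anything else (plain files, empty or deleted directories) is not listed,
# so it is not a certificate the renewal job can pick up.
list_lineages() {
    live_dir=${1:-/etc/letsencrypt/live}
    for d in "$live_dir"/*/; do
        [ -f "${d}cert.pem" ] || continue
        basename "$d"
    done
}

# Succeed if the certificate in $1 is still valid $2 days from now.
# An unreadable or malformed file counts as a failure.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Print one line per certificate; return 1 if any is expiring or unreadable.
audit_live() {
    live_dir=${1:-/etc/letsencrypt/live}
    days=${2:-20}
    rc=0
    for name in $(list_lineages "$live_dir"); do
        if valid_for_days "$live_dir/$name/cert.pem" "$days"; then
            echo "OK       $name"
        else
            echo "EXPIRING $name (less than $days days left, or unreadable)"
            rc=1
        fi
    done
    return $rc
}

# Run the audit only when arguments are given, e.g.:
#   sh audit.sh /etc/letsencrypt/live 20
if [ $# -gt 0 ]; then
    audit_live "$@"
fi
```

A non-zero exit status from audit_live means at least one certificate in live/ was not renewed in time, which makes the script usable as a monitoring check alongside the monthly cron job.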
Before obtaining a Let's Encrypt certificate, you must do the following:
Make sure that the A/AAAA DNS record is set properly to the server's public IP address
Make sure that your e-mail address is active and you have access to it
Make sure that you have read the terms of service and you agree with them
Make sure that HAProxy is accessible on port 80 (HTTP). Check your firewalls
Make sure that HAProxy has the following settings:
Or, if you use Nginx as the proxy server: