[kwlug-disc] Automatic renewal of wildcard certs

Mikalai Birukou mb at 3nsoft.com
Wed Feb 27 16:44:21 EST 2019


Take a look at a script create-haproxy-with-certbot.sh in 
https://kwlug.org/sites/default/files/2018-12/Mikalai-Modern_treasures_LXD-scripts-KWLUG-Dec2018.zip 
(resource from KWLUG past talk).

Bash script sets certbot with for webroot option of serving acme via 
haproxy (q1). In haproxy.cfg you add a respective backend for 
.../acme... paths.

You run getting certs first time manually, and it will remember what 
needs to be renewed, and how.

Script has post- and post-renewal hooks (q2). Pre-hook starts nginx that 
handles actual acme get requests.

This works and does renewal in production. Yes, certbot set cron jobs in 
ubuntu 18.

Cheers.

On 2019-02-27 2:34 p.m., Yas Adem wrote:
> Thanks for response Paul.  Using letsencrypt.
>
> Regards
> Yasin
>
> On Wed, Feb 27, 2019, 2:18 PM Paul Nijjar via kwlug-disc, 
> <kwlug-disc at kwlug.org <mailto:kwlug-disc at kwlug.org>> wrote:
>
>
>     I do not have such experience, but just to clarify: is this with Let's
>     Encrypt, or are you using another certificate authority?
>
>     - Paul
>
>     On Wed, Feb 27, 2019 at 10:11:56AM -0500, Yas Adem wrote:
>     > Hi Everyone,
>     >
>     > First time posting question in kwlug group. Wondering if anyone
>     have any
>     > experience enabling automatic renewal of wildcard certificate?
>     Your help
>     > much appreciated.
>     >
>
>     _______________________________________________
>     kwlug-disc mailing list
>     kwlug-disc at kwlug.org <mailto:kwlug-disc at kwlug.org>
>     http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
-- 
Mikalai Birukou
CEO | 3NSoft Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20190227/70e08d66/attachment-0001.html>


More information about the kwlug-disc mailing list