janeczku/haproxy-acme-validation-plugin

Multiple domains or frontends (using crt-list)


Can I use this plugin if we are serving many domains from one haproxy-instance?

Currently we are serving certs using the crt-list mechanism, which lists domains and their certs.

We also have multiple front ends (different IP addresses).

Yes you can, it's possible to serve multiple domains. But beware: if you create a certificate for multiple domains with certbot, the first domain listed in the -d argument is the name of the newly created letsencrypt folder. So don't change the order of the first domain after the initial enroll sequence, because this will mess up your Letsencrypt folder structure.

So you should use certbot this way:

```sh
# Enroll once; the first -d name (domain1.com) becomes the folder under /etc/letsencrypt/live
certbot certonly --text --webroot --webroot-path /var/lib/haproxy \
  -d domain1.com -d domain2.com \
  --renew-by-default --agree-tos --email your@emailaddress.com

# HAProxy wants the private key and the full chain concatenated in one PEM file
sudo cat /etc/letsencrypt/live/domain1.com/privkey.pem \
         /etc/letsencrypt/live/domain1.com/fullchain.pem \
  | sudo tee /etc/letsencrypt/live/domain1.com/haproxy.pem >/dev/null
```

Add the /etc/letsencrypt/live/domain1.com/haproxy.pem only once to your front-end HTTPS config which serves all domains.
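The concatenation step above, written up as a small POSIX shell function (an added example, not code from the plugin or from either commenter). It assumes the standard certbot layout of `LIVE_ROOT/<first -d domain>/{privkey.pem,fullchain.pem}` and adds the two checks a practitioner usually wants: it refuses to run if the lineage folder for the primary domain is missing (the symptom you get after reordering the -d list), and it creates the combined file mode 0600 via a temp file and rename, because haproxy.pem contains the private key and HAProxy should never read a half-written one. The function name and the `LIVE_ROOT` parameter are this example's own.

```shell
#!/bin/sh
# Constructed example: build the single PEM (private key + full chain)
# that HAProxy loads, from a certbot "live" lineage directory.
#
# build_haproxy_pem PRIMARY_DOMAIN [LIVE_ROOT]
#   PRIMARY_DOMAIN  the first name passed to certbot's -d (= folder name)
#   LIVE_ROOT       defaults to /etc/letsencrypt/live
# Prints the path of the written haproxy.pem on success.
build_haproxy_pem() {
    primary="$1"
    live_root="${2:-/etc/letsencrypt/live}"
    dir="$live_root/$primary"

    # The lineage folder is named after the FIRST -d domain of the initial
    # enrollment; a missing folder usually means that order was changed.
    if [ ! -d "$dir" ]; then
        echo "no certbot lineage at $dir (is '$primary' still the first -d domain?)" >&2
        return 1
    fi
    for f in privkey.pem fullchain.pem; do
        if [ ! -s "$dir/$f" ]; then
            echo "missing or empty $dir/$f" >&2
            return 1
        fi
    done

    # The combined file carries the private key: create it 0600 from the
    # start (umask in a subshell), then rename atomically into place so a
    # concurrent HAProxy reload never sees a partial file.
    tmp="$dir/haproxy.pem.tmp.$$"
    (umask 077 && cat "$dir/privkey.pem" "$dir/fullchain.pem" > "$tmp") || return 1
    chmod 600 "$tmp"
    mv -f "$tmp" "$dir/haproxy.pem"
    echo "$dir/haproxy.pem"
}

# Usage (as root, after certbot has enrolled domain1.com domain2.com):
#   build_haproxy_pem domain1.com
```

Run it as root (or via sudo) since it writes into the live directory. Whether you reference the resulting file with a single `crt` on the HTTPS frontend or as one line in a crt-list file, it goes in exactly once: HAProxy picks the certificate for a connection by matching SNI against the names in the certificate, so one multi-domain haproxy.pem covers every -d name.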

Thank you!