haproxy-lua-acme

Automating renewal?

Open mdeneen opened this issue 5 years ago • 3 comments

First of all, I really like this method of renewing certificates and the acme v2 client works great. When something goes wrong, though, it can be a bit difficult to handle and you end up with unexpected output in the pem file.

I ran the curl command, validated the entries, and life was good. Five minutes later I ran the same command and it issued new certificates. This is something that will surely get me in trouble if I place it in a cron job.

Is there a recommended practice here?

mdeneen avatar Feb 23 '20 17:02 mdeneen

Hello, thanks for reporting the usability issues. We probably want to detect already issued certs, so it doesn't request a new cert every time you run the commands. For now, you'd need to check the cert file on disk yourself (with the openssl command) and decide whether to request a new cert.

  • There is some pending work with haproxy-lua-acme, since starting with HAProxy 2.1 we have an option for handling certs (see CLI options like show ssl cert, set ssl cert, etc.)

anezirovic avatar Mar 05 '20 11:03 anezirovic
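
The on-disk check suggested in the reply above, written out as an added example (it is not part of the thread or of haproxy-lua-acme). The function names, the 30-day window, and the choice to stop rather than re-request when the pem file does not parse are assumptions; the renewal command is supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the thread or the project).
# cert_status PEM [DAYS] prints: ok | renew | missing | invalid
cert_status() {
    pem=$1
    days=${2:-30}   # assumed renewal window, in days
    # No file, or an empty one: nothing has been issued yet.
    [ -s "$pem" ] || { echo missing; return 0; }
    # openssl reads the first CERTIFICATE block in the file. If none parses,
    # the file holds something else (for example an error body written
    # where the certificate should be).
    if ! openssl x509 -in "$pem" -noout >/dev/null 2>&1; then
        echo invalid
        return 0
    fi
    # -checkend N exits 0 when the cert is still valid N seconds from now.
    if openssl x509 -in "$pem" -noout -checkend "$((days * 86400))" >/dev/null 2>&1; then
        echo ok
    else
        echo renew
    fi
}

# renew_if_needed PEM DAYS CMD [ARGS...]
# Runs CMD only when the certificate is missing or inside the window.
# Returns 0 when nothing was needed, 2 on an unparsable file, else CMD's status.
renew_if_needed() {
    pem=$1 days=$2
    shift 2
    case $(cert_status "$pem" "$days") in
        ok)
            return 0 ;;
        invalid)
            # Do not re-request in a loop; a person should look at the file.
            echo "$pem: not a parsable certificate, skipping renewal" >&2
            return 2 ;;
        *)
            "$@" ;;
    esac
}

# Cron usage (CMD is whatever request you already run by hand):
#   renew_if_needed /path/to/site.pem 30 <your existing curl command>
```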

any news on that?

github-tomster avatar Feb 05 '21 14:02 github-tomster

Looking at this in 2022. I wonder how hard it would be to merge this functionality with HashiCorp Consul (via API) or HashiCorp Vault.

ieugen avatar Jan 07 '22 15:01 ieugen