c20c333aa4e189af2fc1b090c9a479bb8f82ab66
haproxy-letsencrypt-docker.md
| ... | ... | @@ -47,8 +47,8 @@ The deploy-hook script looks like: |
| 47 | 47 | ```sh |
| 48 | 48 | #!/usr/bin/env bash |
| 49 | 49 | |
| 50 | -cat /etc/letsencrypt/live/wiki.davidstark.name/fullchain.pem \ |
|
| 51 | - /etc/letsencrypt/live/wiki.davidstark.name/privkey.pem \ |
|
| 50 | +cat /etc/letsencrypt/live/domain1.example.com/fullchain.pem \ |
|
| 51 | + /etc/letsencrypt/live/domain1.example.com/privkey.pem \ |
|
| 52 | 52 | > /etc/letsencrypt/haproxy.pem \ |
| 53 | 53 | && docker kill -s HUP haproxy |
| 54 | 54 | ``` |
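Review bot: The two `+` lines still hard-code a lineage directory (`/etc/letsencrypt/live/domain1.example.com/`), so the hook silently breaks for any reader whose first domain differs. certbot exports `RENEWED_LINEAGE` to deploy hooks, so `"$RENEWED_LINEAGE/fullchain.pem"` and `"$RENEWED_LINEAGE/privkey.pem"` would make the script independent of the name. Separately, on the unchanged `> /etc/letsencrypt/haproxy.pem` line, the combined file contains the private key and is created with whatever umask the hook inherits; setting `umask 077` before the `cat` would keep it from being readable by other users, and writing to a temporary file and renaming it before the `docker kill -s HUP haproxy` would stop haproxy from ever reloading a half-written file.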
| ... | ... | @@ -87,6 +87,7 @@ In the above we're requesting certs for domain1 and domain2 under example.com. R |
| 87 | 87 | certbot listens on port 8000, which docker is mapping to port 80 and making available to the outside world for Let's Encrypt to talk to. We don't need port 443 mapped, because this is an initial request, so Let's Encrypt should be fine with port 80. |
| 88 | 88 | Also of note, we're attaching a Volume to /etc/letsencrypt - that's where the certs end up, and that's how we'll make them available to haproxy. |
| 89 | 89 | The command concatenates the cert chain and private key into a format that haproxy understands, and dumps it out into the mounted /etc/letsencrypt volume. |
| 90 | +The certs are named after the first domain specified, so that ends up in the paths under /etc/letsencrypt. You might be able to change that, but see [rule 1](/rules). |
|
| 90 | 91 | |
| 91 | 92 | With all three files in your current dir, run: `docker-compose -i docker-compose-stage1.yml up` and you should hopefully see a message like: |
| 92 | 93 |
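Review bot: The added sentence at new line 90 leaves "You might be able to change that" unresolved, which is the one thing a reader needs to get the deploy-hook path right. certbot's `--cert-name` option sets the lineage name explicitly, so the text could either state that or tell the reader to keep the first `-d` domain in sync with the path used in the hook. While touching this paragraph, the unchanged context line below it uses `docker-compose -i docker-compose-stage1.yml up`; the option for selecting a compose file is `-f`, so that command is worth correcting in the same commit.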