c3a8d8a380725e85df37c66f540dfaeda536e956
haproxy-letsencrypt-docker.md
| ... | ... | @@ -15,7 +15,7 @@ Docker and HAProxy and Let's Encrypt: minor pain in the arse. |
| 15 | 15 | There's a few things that make this a bit of a hassle: |
| 16 | 16 | 1. We want haproxy to be running on port 80/443, but those are the ports certbot needs to do validation<br/>We'll have to do this in two stages. |
| 17 | 17 | 2. haproxy with the default config won't start up if it can't resolve the container IPs for the backends.<br/>Since certbot is just a command to be run in a container, it probably won't be running when haproxy starts up.<br/>Some extra config is needed in haproxy. |
| 18 | -3. certbot needs to be run once in one way to request the certs, and then every couple of days/weeks in another way to check and renew certs.<br/>We'll need to different incantations for certbot. |
|
| 18 | +3. certbot needs to be run once in one way to request the certs, and then every couple of days/weeks in another way to check and renew certs.<br/>We'll need two different incantations for certbot. |
|
| 19 | 19 | 4. When the certs are renewed, we'll need to tell haproxy to pick them up<br/>Some docker-in-docker magic is required. |
| 20 | 20 | 5. certbot doesn't know how to make haproxy-complicit cert pem files<br/>We'll need to do a little scripting. |
| 21 | 21 |
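Review bot: Item 5 (line 20, unchanged context) still reads "haproxy-complicit cert pem files", which looks like the same kind of slip this commit fixes in item 3; suggest "haproxy-compatible" and folding it into this change. While touching the list, item 1 (line 16) is missing a full stop after "validation" before the line break, and "every couple of days/weeks" in item 3 would be clearer as a single stated renewal-check interval.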