Closed camlafit closed 7 years ago
frozen-sky
commented
7 years ago I'm not sure if I agree. Certbot decides to use a separate file file the chain, the key and the certificate. They do not provide a file which has both key, cert and chain. However, if you use haproxy, this is a requirement.
We think it is not wise to interfere with the certbot file/directory structure.
camlafit
commented
7 years ago Hi
Yes should be a new directory but following their standard. Actually we have /etc/letsencrypt/ with individuals certificates and /opt/certbot/haproxy_fullchains/
Looks better to have standard certbot directory and /etc/letsencrypt/haproxy_fullchains
SnijderC
commented
7 years ago Hi @camlafit, did you try the --haproxy-crt-dir argument to the installer? Is this the functionality you are looking for?
camlafit
commented
7 years ago Hi
I not sure how about to use. I've tried a certbot run --authentificator --installer --certbot-directory-haproxy and get a unrecognized arguments
mrtndwrd
commented
7 years ago There are several reasons why that command fails. We use it like this:
certbot run --authenticator certbot-haproxy:haproxy-authenticator --installer certbot-haproxy:haproxy-installer --certbot-haproxy:haproxy-installer-haproxy-restart "<haproxy restart command>" --certbot-haproxy:haproxy-installer-haproxy-crt-dir <certificate directory> --certbot-haproxy:haproxy-installer-haproxy-config <configuration file path> --domain <domain> --config-dir <certbot configuration>
Especially note the following things:
certbot-haproxy:Let me know if this helps!
camlafit
commented
7 years ago Hi
Thanks a lot :) With these directives look ok.
With jessie at least should be better to store fullkey in /etc/letsencrypt/ (as act default certbot package) but files are stored /opt/certbot/haproxy_fullchains/
Is it possible to config this path ?