janeczku / haproxy-acme-validation-plugin

:four_leaf_clover: Zero-downtime ACME / Let's Encrypt certificate issuing for HAProxy
MIT License
291 stars 49 forks

Multiple domains or frontends (using crt-list) #15

Closed PatrikNorrgard closed 6 years ago

PatrikNorrgard commented 7 years ago

Can I use this plugin if we are serving many domains from one haproxy-instance?

Currently we are serving certs using the crt-list mechanism, which lists domains and their certs.

We also have multiple front ends (different ip-addresses).

itcrowdsource commented 6 years ago

Yes you can, it's possible to serve multiple domains. But beware: if you create a certificate for multiple domains with certbot, the first domain listed in the -d argument is the name of the newly created letsencrypt folder. So don't change the order of the first domain after the initial enroll sequence, because this will mess up your letsencrypt folder structure.

So you should use certbot this way:

```shell
# Issue one certificate covering both names; the lineage directory is named
# after the first -d value (domain1.com)
certbot certonly --text --webroot --webroot-path /var/lib/haproxy \
  -d domain1.com -d domain2.com \
  --renew-by-default --agree-tos --email your@emailaddress.com

# Build the single PEM HAProxy expects: private key first, then the full chain
sudo cat /etc/letsencrypt/live/domain1.com/privkey.pem \
  /etc/letsencrypt/live/domain1.com/fullchain.pem \
  | sudo tee /etc/letsencrypt/live/domain1.com/haproxy.pem >/dev/null
```

Add the /etc/letsencrypt/live/domain1.com/haproxy.pem only once to your front-end https config which serves all domains.
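The bundling step above is the part that bites when several lineages feed one crt-list. The script below is an added example, not code from the plugin or from either commenter: it builds `haproxy.pem` for one certbot lineage directory, creates it 0600 from the start (the `sudo tee` pipeline above creates the file with whatever umask is in effect, and it contains the private key), refuses to emit a bundle whose private key does not match the leaf certificate, and prints the crt-list line for that bundle with its SNI names. It assumes `openssl` is installed and that the lineage directory uses certbot's `privkey.pem` / `fullchain.pem` layout; the demo lineage it generates under a temp directory is constructed so the script runs offline, and the names `domain1.com` / `domain2.com` are placeholders.

```shell
#!/bin/sh
# Added example (not the plugin's own code). Assumes openssl on PATH and a
# certbot-style lineage directory holding privkey.pem and fullchain.pem.
set -eu

# Build <lineage>/haproxy.pem from privkey.pem + fullchain.pem and print its path.
# $1 = live directory of the lineage, e.g. /etc/letsencrypt/live/domain1.com
build_haproxy_pem() {
    live="$1"
    out="$live/haproxy.pem"
    # The bundle carries the private key: create it 0600 from the start
    # instead of relying on the caller's umask and fixing permissions later.
    rm -f "$out"
    (umask 077 && cat "$live/privkey.pem" "$live/fullchain.pem" > "$out")
    # Refuse to ship a bundle whose key does not belong to the first (leaf) cert.
    cert_pub=$(openssl x509 -in "$live/fullchain.pem" -noout -pubkey)
    key_pub=$(openssl pkey -in "$live/privkey.pem" -pubout)
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "key/cert mismatch in $live" >&2
        rm -f "$out"
        return 1
    fi
    echo "$out"
}

# Print one crt-list line: bundle path followed by the SNI filters it serves.
# $1 = lineage directory, remaining args = hostnames
crt_list_line() {
    live="$1"; shift
    printf '%s' "$live/haproxy.pem"
    for d in "$@"; do printf ' %s' "$d"; done
    printf '\n'
}

# Returns 0 when the bundle holds a private key and a certificate and is mode 0600.
check_bundle() {
    f="$1"
    grep -q 'BEGIN .*PRIVATE KEY' "$f" || return 1
    grep -q 'BEGIN CERTIFICATE' "$f" || return 1
    case "$(ls -l "$f")" in -rw-------*) return 0 ;; *) return 1 ;; esac
}

# Constructed demo input: a throwaway self-signed lineage in a temp directory,
# laid out like certbot's live/<first -d domain>/ so the script runs offline.
make_demo_lineage() {
    tmp=$(mktemp -d)
    live="$tmp/live/domain1.com"
    mkdir -p "$live"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=domain1.com" \
        -keyout "$live/privkey.pem" -out "$live/fullchain.pem" 2>/dev/null
    echo "$live"
}

main() {
    demo=$(make_demo_lineage)
    bundle=$(build_haproxy_pem "$demo")
    check_bundle "$bundle"
    # One crt-list entry per lineage; HAProxy picks the bundle by SNI.
    crt_list_line "$demo" domain1.com domain2.com
}

main
```

Run it once per lineage after each renewal and append the printed lines to the file your `bind ... crt-list` points at; if the key check fails, the bundle is removed rather than left half-written, so a stale or mismatched lineage never reaches the frontend.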

PatrikNorrgard commented 6 years ago

Thank you!