After renewing the certificate, the script fails to create haproxy.pem. This is because tee is invoked with sudo, which causes the command to fail. It's safe to remove sudo as the entire script will be invoked with sudo anyway.
$ git diff
diff --git a/cert-renewal-haproxy.sh b/cert-renewal-haproxy.sh
index 1beb462..4712a23 100755
--- a/cert-renewal-haproxy.sh
+++ b/cert-renewal-haproxy.sh
@@ -90,7 +90,7 @@ done < <(find /etc/letsencrypt/live -name cert.pem -print0)
# create haproxy.pem file(s)
for domain in ${renewed_certs[@]}; do
- cat ${le_cert_root}/${domain}/privkey.pem ${le_cert_root}/${domain}/fullchain.pem | sudo tee ${le_cert_root}/${domain}/haproxy.pem >/dev/null
+ cat ${le_cert_root}/${domain}/privkey.pem ${le_cert_root}/${domain}/fullchain.pem | tee ${le_cert_root}/${domain}/haproxy.pem >/dev/null
if [ $? -ne 0 ]; then
logger_error "failed to create haproxy.pem file!"
exit 1
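Review bot: The `if [ $? -ne 0 ]` check after the changed `cat ... | tee ... >/dev/null` line only sees the exit status of `tee`, the last command in the pipeline, so a failed `cat` (for example a missing or unreadable privkey.pem or fullchain.pem) still passes the check and leaves an empty or partial haproxy.pem, unless `pipefail` is set somewhere outside this hunk. With sudo gone the pipe through `tee` no longer serves a purpose; redirecting `cat` straight into the target file (`cat ... > .../haproxy.pem`) makes `$?` reflect the read as well as the write. Two further points on the same line: haproxy.pem contains the private key and is created with whatever umask the script inherits, so setting a restrictive umask (or a `chmod 600` on the result) before or after the write is worth adding, and the `${le_cert_root}/${domain}` expansions here and `${renewed_certs[@]}` in the `for` line are unquoted, which should be quoted to avoid word splitting.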