oswee / ignite

WIP! Ignition infrastructure to spin up Jenkins, Vault, storage and other elements required for Infra CI/CD pipelines

Certbot should be installed before haproxy #86

Open dzintars opened 3 years ago

dzintars commented 3 years ago

Currently I have an issue where the Haproxy role is creating the /etc/letsencrypt/live/oswee.com/ directory by placing the haproxy.pem file there, which in turn conflicts with `certbot --manual certonly` certificate creation. haproxy.pem is a combination of all existing certificates in a single file. This should somehow be managed gracefully.

dzintars commented 3 years ago

The problem appears if I am setting fresh system up without restoring files from backups.

dzintars commented 3 years ago

Ideally the Haproxy role should not care about certificate placement and combination. I think I should create a Certbot role which can be added as a dependency to Haproxy. This means that before Haproxy is started, the certificates will be in place.

How to deal with signing new certificates manually (DNS method)?

The DNS method is nice because I don't need to deal with router forwarding, firewall rules, temporary HTTP servers and what not. Probably I could use Terraform as it has a Cloudflare provider to set up the ACME challenges. https://github.com/cloudflare/terraform-provider-cloudflare
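One way to keep the Haproxy side from colliding with certbot, as an added example that is not code from the oswee/ignite repository: a helper that only builds the combined PEM from a certbot-issued certificate and refuses to create the live directory itself. It assumes certbot's standard layout under `/etc/letsencrypt` (`LE_ROOT` is a hypothetical override for testing) and that the combined file lives outside the live directory, e.g. `/etc/haproxy/certs/oswee.com.pem`.

```shell
#!/usr/bin/env bash
# Added example (not from the oswee/ignite repo): build HAProxy's combined PEM
# only from a certificate certbot has already issued, so the role never
# pre-creates /etc/letsencrypt/live/<domain>/ and breaks `certbot --manual certonly`.
set -eu

# certbot's default root; LE_ROOT is an assumed override used by the test below.
LE_ROOT="${LE_ROOT:-/etc/letsencrypt}"

# build_haproxy_pem DOMAIN OUTPUT
# Concatenates fullchain.pem + privkey.pem for DOMAIN into OUTPUT (mode 0600).
# Returns 1 and writes nothing if certbot has not populated the live dir yet,
# so a handler can fail early instead of leaving an empty directory behind
# that certbot will later refuse to reuse.
build_haproxy_pem() {
    local domain="$1" output="$2"
    local live="$LE_ROOT/live/$domain"
    local chain="$live/fullchain.pem" key="$live/privkey.pem"

    if [ ! -s "$chain" ] || [ ! -s "$key" ]; then
        echo "certbot has not issued a certificate for $domain yet ($live)" >&2
        return 1
    fi

    # Write to a temp file beside the target and rename it into place, so
    # HAProxy never reloads a half-written PEM.
    local tmp
    tmp="$(mktemp "${output}.XXXXXX")"
    # Order matters: HAProxy expects the certificate chain first, then the key.
    cat "$chain" "$key" > "$tmp"
    chmod 0600 "$tmp"
    mv -f "$tmp" "$output"
}
```

Calling it from a Haproxy handler (for example `build_haproxy_pem oswee.com /etc/haproxy/certs/oswee.com.pem`) makes the dependency on the Certbot role explicit: the handler fails, rather than fabricating a directory, until certbot has run.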