Open dzintars opened 3 years ago
The problem appears if I am setting a fresh system up without restoring files from backups.
Ideally the Haproxy role should not care about certificate placement and combination. I think I should create a Certbot role which can be added as a dependency to Haproxy. This means that before Haproxy is started, certificates will be in place.
How to deal with signing new certificates manually (DNS method)?
The DNS method is nice because I don't need to deal with router forwarding, firewall rules, temporary HTTP servers and whatnot. Probably I could use Terraform, as it has a Cloudflare module to set up the ACME challenges. https://github.com/cloudflare/terraform-provider-cloudflare
Currently I have an issue that the Haproxy role is creating the /etc/letsencrypt/live/oswee.com/ directory by placing the haproxy.pem file, which in result conflicts with certbot --manual certonly certificate creation. Haproxy.pem is a combination of all existing certificates into a single file. This should be somehow managed gracefully.
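
One way to keep the combined file out of certbot's tree, as an added example that is not part of the original issue: a certbot deploy hook that writes the HAProxy PEM for one lineage to a separate directory, with owner-only permissions because the file contains the private key. The function name `build_haproxy_pem`, the `OUT_DIR` variable and the default `/etc/haproxy/certs` are assumptions.

```shell
#!/bin/sh
# Added example: build HAProxy's combined PEM outside /etc/letsencrypt/live/,
# so that certbot alone creates and owns that tree.
# OUT_DIR and its default are assumptions, not paths from the issue.

build_haproxy_pem() {
    lineage=$1   # e.g. /etc/letsencrypt/live/<domain>
    out_dir=$2   # directory HAProxy's "crt" setting points at (assumed)
    name=$(basename "$lineage")

    # Refuse to run on a missing or half-populated lineage.
    [ -s "$lineage/fullchain.pem" ] && [ -s "$lineage/privkey.pem" ] || {
        echo "missing fullchain.pem or privkey.pem in $lineage" >&2
        return 1
    }

    mkdir -p "$out_dir" || return 1
    old_umask=$(umask)
    umask 077    # nothing created below is group- or world-readable
    tmp=$(mktemp "$out_dir/.$name.pem.XXXXXX") || { umask "$old_umask"; return 1; }
    # Certificate chain first, then the key, written to a temp file.
    if cat "$lineage/fullchain.pem" "$lineage/privkey.pem" > "$tmp"; then
        # Rename within one directory is atomic: HAProxy never reads a partial file.
        mv -f "$tmp" "$out_dir/$name.pem"
        rc=$?
    else
        rm -f "$tmp"
        rc=1
    fi
    umask "$old_umask"
    return $rc
}

# certbot exports RENEWED_LINEAGE to deploy hooks; do nothing when it is unset.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    build_haproxy_pem "$RENEWED_LINEAGE" "${OUT_DIR:-/etc/haproxy/certs}"
fi
```

Installed under `/etc/letsencrypt/renewal-hooks/deploy/` or passed with `--deploy-hook`, this runs after each successful issuance or renewal; HAProxy still has to be reloaded afterwards to pick up the new file.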