
Re: website glitch

From: ayleph
Subject: Re: website glitch
Date: Mon, 17 Feb 2020 12:39:55 -0800
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0

I realize I'm a few months late to this thread, but here's a tip for
automating the haproxy part if you haven't figured it out yet.

I use a renewal hook to restart services after renewing a certificate.
See the example below.


$ cat /etc/letsencrypt/renewal-hooks/deploy/

systemctl restart dovecot postfix haproxy


This will run any time any cert on the machine is renewed, which could
cause multiple restarts. If you want to take specific actions for
specific certs, you can switch on the $RENEWED_DOMAINS variable as shown
in this example from the Certbot documentation at



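#!/bin/sh

set -e

for domain in $RENEWED_DOMAINS; do
        case $domain in
        # example.com and /etc/some-daemon/certs are placeholders.
        example.com)
                daemon_cert_root=/etc/some-daemon/certs

                # Make sure the certificate and private key files are
                # never world readable, even just for an instant while
                # we're copying them into daemon_cert_root.
                umask 077

                cp "$RENEWED_LINEAGE/fullchain.pem" "$daemon_cert_root/$domain.cert"
                cp "$RENEWED_LINEAGE/privkey.pem" "$daemon_cert_root/$domain.key"

                # Apply the proper file ownership and permissions for
                # the daemon to read its certificate and key.
                chown some-daemon "$daemon_cert_root/$domain.cert" \
                        "$daemon_cert_root/$domain.key"
                chmod 400 "$daemon_cert_root/$domain.cert" \
                        "$daemon_cert_root/$domain.key"

                service some-daemon restart >/dev/null
                ;;
        esac
done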


On 11/23/19 8:11 AM, Simon Fondrie-Teitler wrote:
> Thanks for the heads up. I've got the renewal automated, just not the piece 
> that tells haproxy it has been renewed. It's back up now.
> hjenkins <address@hidden> writes:
>> The security cert for seems to have 
>> expired on 15 November 2019.
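
An added example, not part of the message above or of the Certbot documentation: a deploy hook for the haproxy case specifically, which writes the certificate chain and private key into the single combined PEM that HAProxy's `crt` setting accepts, never leaving the key readable by others or half-written. The directory /etc/haproxy/certs, the config path /etc/haproxy/haproxy.cfg, the function name build_haproxy_pem, and the use of reload instead of restart are assumptions.

```shell
#!/bin/sh
# Added example: Certbot deploy hook for HAProxy. Paths below are assumptions.
set -eu

HAPROXY_CERT_DIR="${HAPROXY_CERT_DIR:-/etc/haproxy/certs}"   # assumed location
HAPROXY_CFG="${HAPROXY_CFG:-/etc/haproxy/haproxy.cfg}"       # assumed location

# Write fullchain + private key as one PEM file.
# $1 = Certbot lineage directory, $2 = destination file.
build_haproxy_pem() {
        lineage=$1
        dest=$2
        [ -r "$lineage/fullchain.pem" ] && [ -r "$lineage/privkey.pem" ] || return 1
        (
                # Subshell: the tightened umask does not leak to the caller.
                umask 077
                # Temp file in the destination directory so mv is an atomic
                # rename; HAProxy never sees a partially written PEM.
                tmp=$(mktemp "$dest.XXXXXX") || exit 1
                cat "$lineage/fullchain.pem" "$lineage/privkey.pem" >"$tmp" &&
                        chmod 400 "$tmp" &&
                        mv -f "$tmp" "$dest" || { rm -f "$tmp"; exit 1; }
        )
}

# Certbot sets RENEWED_LINEAGE only when it invokes a deploy hook, so
# running this file by hand without it changes nothing.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
        name=$(basename "$RENEWED_LINEAGE")
        build_haproxy_pem "$RENEWED_LINEAGE" "$HAPROXY_CERT_DIR/$name.pem"
        # Check the configuration (including the new PEM) before touching
        # the running proxy; set -e aborts here if the check fails.
        haproxy -c -q -f "$HAPROXY_CFG"
        systemctl reload haproxy
fi
```

Because the hook lives under renewal-hooks/deploy/, it runs once per renewed lineage, so only the PEM for the certificate that actually changed is rewritten.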

