Daniel M
096ac29f26
- Implemented live certificate reloading for haproxy using the runtime api. This does NOT remove deleted certificates from haproxy - Bump version to 0.2.0
Lé easy certs
(Let's Encrypt easy certificates)
Project state
This project is in a really early state and is in no way stable or ready for production.
How to use
The program reads the configuration file and requests / renews the certificates according to the configuration.
- If specified, the first CLI argument will be used as path for the config file
- If specified (and no CLI arg), the
LE_CONFenvironment variable will be used as path for the config file - If nothing is specified, a config file
./le-conf.tomlwill be used
Example config
[http]
ip = "0.0.0.0"
port = 80
[certs.example_cert1]
renew_days = 30
account_file = "./account.pem"
fullchain_file = "./example_com_fullchain.pem"
domains = [
"example.com",
"www.example.com",
"sub1.example.com",
"sub2.example.com",
]
[certs.example_cert2]
renew_days = 30
account_file = "./account.pem"
fullchain_file = "./example2_com_fullchain.pem"
domains = [
"example2.com",
"www.example2.com",
]
Docker
The docker image is not yet fully usage. The intention is to have a le-easy-certs container
running next to a a haproxy container and automatically renew / update the certificates when
needed. Also the certificates could be hot reloaded in haproxy at some point.
Right now the docker image could be used to run le-easy-certs manually / automated at fixed times
controlled by the host.